CVE-2020-25150
B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
In short
A flaw in B. Braun medical devices allows someone with service access to upload harmful files by exploiting how the system handles file paths, potentially letting them run any commands they want on the device.
Technical detail
A relative path traversal vulnerability (CWE-23) in B. Braun SpaceCom versions L81/U61 and earlier and Data module compactplus versions A10 and A11 permits authenticated service users to upload arbitrary files. By uploading a crafted tar archive, such a user can achieve arbitrary command execution on the affected medical devices.
Summary generated and translated by AI from the official description.
A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Affected products
B. Braun Melsungen AG · Battery pack with Wi-Fi
B. Braun Melsungen AG · Data module compactplus
B. Braun Melsungen AG · SpaceCom