CVE-2020-25154

B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

CVSS 5.4 MEDIUM | EPSS 0.6% | CWE-601
In short

The B. Braun SpaceCom and Data module compactplus devices have a flaw in their admin interface that allows attackers to trick users into visiting malicious websites by disguising harmful links as legitimate ones. This can lead to credential theft or malware infection.

Technical detail

An open redirect vulnerability exists in the administrative interface of affected B. Braun devices (SpaceCom L81/U61 and earlier, Data module compactplus A10/A11) that allows an unauthenticated attacker to craft a malicious URL redirecting authenticated users to external sites. The attack vector is network-based and relies on social engineering; successful exploitation can compromise user credentials or deliver malware.

Summary generated and translated by AI from the official description.

An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
