CVE-2020-25160

B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

CVSS 6.8 MEDIUMEPSS 0.2%CWE-284

In short

A weakness in B. Braun medical devices allows attackers to improperly access and change the network settings, potentially compromising patient safety and device security.

Technical detail

Improper access control (CWE-284) in B. Braun SpaceCom (≤L81/U61) and Data module compactplus (A10, A11) permits unauthenticated or insufficiently authenticated extraction and modification of network configuration, affecting confidentiality and integrity of device communications.

Summary generated and translated by AI from the official description.

Improper access controls in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enables attackers to extract and tamper with the devices network configuration.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

Affected products

B. Braun Melsungen AG · Battery pack with Wi-Fi B. Braun Melsungen AG · Data module compactplus B. Braun Melsungen AG · SpaceCom

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02