CVE-2020-25150
Summary
| CVE | CVE-2020-25150 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-14 21:15:00 UTC |
| Updated | 2022-10-21 18:55:00 UTC |
| Description | A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands. |
Risk And Classification
Problem Types: CWE-22
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Bbraun | Datamodule Compactplus | - | All | All | All |
| Operating System | Bbraun | Datamodule Compactplus | a10 | All | All | All |
| Operating System | Bbraun | Datamodule Compactplus | a11 | All | All | All |
| Hardware | Bbraun | Spacecom | - | All | All | All |
| Operating System | Bbraun | Spacecom | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus | CISA | CONFIRM | www.cisa.gov | |
| Security Advisory | CONFIRM | www.bbraun.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices).
There are currently no legacy QID mappings associated with this CVE.