CVE-2020-25156
Summary
| CVE | CVE-2020-25156 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-14 21:15:00 UTC |
| Updated | 2022-04-21 19:30:00 UTC |
| Description | Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root. |
Risk And Classification
Problem Types: CWE-489
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Bbraun | Datamodule Compactplus | - | All | All | All |
| Operating System | Bbraun | Datamodule Compactplus | a10 | All | All | All |
| Operating System | Bbraun | Datamodule Compactplus | a11 | All | All | All |
| Hardware | Bbraun | Spacecom | - | All | All | All |
| Operating System | Bbraun | Spacecom | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus | CISA | CONFIRM | www.cisa.gov | |
| Security Advisory | CONFIRM | www.bbraun.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices).
There are currently no legacy QID mappings associated with this CVE.