CVE-2020-25160
Summary
| CVE | CVE-2020-25160 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-14 21:15:00 UTC |
| Updated | 2022-07-08 18:19:00 UTC |
| Description | Improper access controls in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enables attackers to extract and tamper with the devices network configuration. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Bbraun | Datamodule Compactplus | - | All | All | All |
| Operating System | Bbraun | Datamodule Compactplus | a10 | All | All | All |
| Operating System | Bbraun | Datamodule Compactplus | a11 | All | All | All |
| Hardware | Bbraun | Spacecom | - | All | All | All |
| Operating System | Bbraun | Spacecom | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus | CISA | CONFIRM | www.cisa.gov | |
| Security Advisory | CONFIRM | www.bbraun.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices).
There are currently no legacy QID mappings associated with this CVE.