CVE-2020-25164
Summary
| CVE | CVE-2020-25164 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-14 21:15:00 UTC |
| Updated | 2022-04-21 19:04:00 UTC |
| Description | A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface. |
Risk And Classification
Problem Types: CWE-759
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Bbraun | Datamodule Compactplus | - | All | All | All |
| Operating System | Bbraun | Datamodule Compactplus | a10 | All | All | All |
| Operating System | Bbraun | Datamodule Compactplus | a11 | All | All | All |
| Hardware | Bbraun | Spacecom | - | All | All | All |
| Operating System | Bbraun | Spacecom | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus | CISA | CONFIRM | www.cisa.gov | |
| Security Advisory | CONFIRM | www.bbraun.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices).
There are currently no legacy QID mappings associated with this CVE.