CVE-2020-25168
Summary
| CVE | CVE-2020-25168 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-14 21:15:00 UTC |
| Updated | 2022-04-21 18:17:00 UTC |
| Description | Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module. |
Risk And Classification
Problem Types: CWE-798
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Bbraun | Datamodule Compactplus | - | All | All | All |
| Operating System | Bbraun | Datamodule Compactplus | a10 | All | All | All |
| Operating System | Bbraun | Datamodule Compactplus | a11 | All | All | All |
| Hardware | Bbraun | Spacecom | - | All | All | All |
| Operating System | Bbraun | Spacecom | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus | CISA | CONFIRM | www.cisa.gov | |
| Security Advisory | CONFIRM | www.bbraun.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices).
There are currently no legacy QID mappings associated with this CVE.