CRITICAL🇵🇱 Wersja polska

CVE-2021-33885

CVSS 10.0v3.1pub. 2021-08-25upd. 2024-11-21

An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the device malicious data that will be used in place of the correct data. This results in full system command access and execution because of the lack of cryptographic signatures on critical data sets.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
  • Bbraun Infusomat Large Volume Pump 871305u

    HW
    Bbraun
    wszystkie wersje
  • Bbraun Spacecom2

    OS
    Bbraun
    < 012u000062
  • Bbraun Spacestation 8713142u

    HW
    Bbraun
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2021-33886HIGH8.1ten sam produkt

An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unau...

CVE-2021-33882MEDIUM6.8ten sam produkt

A Missing Authentication for Critical Function vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows ...

CVE-2021-33883MEDIUM5.9ten sam produkt

A Cleartext Transmission of Sensitive Information vulnerability in B. Braun SpaceCom2 prior to 012U000062 allo...

CVE-2021-33884MEDIUM6.5ten sam produkt

An Unrestricted Upload of File with Dangerous Type vulnerability in B. Braun SpaceCom2 prior to 012U000062 all...

CVE-2020-25172CRITICAL9.8ten sam vendor

A relative path traversal attack in the B. Braun OnlineSuite Version AP 3.0 and earlier allows unauthenticated...