CVE-2021-37160

A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation e.g., cryptographic signature validation during a File Upload for a firmware update...

CVE-2021-37167

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using the default credentials can gain root access to the device, which provides permissions for all of t...

CVE-2021-37166

A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When HMI3 starts up, it binds a local service to a TCP port on all interfaces of the device, and...

CVE-2021-37164

A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, the received data is copied to a stack buffer. An off-by-3 condition can occur, resulting in a...

CVE-2021-37161

A buffer overflow issue was discovered in the HMI3 Control Panel contained within the Swisslog Healthcare Nexus Panel, operated by released versions of software before Nexus Software 7.2.5.7. A buffer overflow allows an attacker to overwrite an internal queue data structure and can lead to remote...

CVE-2021-37166

A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When HMI3 starts up, it binds a local service to a TCP port on all interfaces of the device, and...

CVE-2021-37160

A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation e.g., cryptographic signature validation during a File Upload for a firmware update...

CVE-2021-37163

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded...

Default credentials

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using the default credentials can gain root access to the device, which provides permissions for all of t...

Buffer overflow

A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When HMI3 starts up, it binds a local service to a TCP port on all interfaces of the device, and...

Stack overflow

A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, the received data is copied to a stack buffer. An off-by-3 condition can occur, resulting in a...

Buffer overflow

A buffer overflow issue was discovered in the HMI3 Control Panel contained within the Swisslog Healthcare Nexus Panel, operated by released versions of software before Nexus Software 7.2.5.7. A buffer overflow allows an attacker to overwrite an internal queue data structure and can lead to remote...

Buffer overflow

A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. If an attacker sends a malformed UDP message, a buffer underflow occurs, leading to an out-of-bounds copy and possible remote co...

CVE-2021-37164

The CVE-2021-37164 issue affects Swisslog Healthcare Nexus Control Panel (Nexus Panel). A stack-based buffer overflow is caused by an out-of-bounds write in tcpTxThread when processing received data, affecting released versions before Nexus Software 7.2.5.7. CNVD-2021-62178 confirms an out-of-bou...

CVE-2021-37164

A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, the received data is copied to a stack buffer. An off-by-3 condition can occur, resulting in a...

CVE-2021-37163

CVE-2021-37163 affects Swisslog Healthcare Nexus HMI3 Control Panel (Nexus software before 7.2.5.7). The device has two hardcoded passwords and an insecure permissions issue, enabling potential unauthorized access over the network. Impact details are described as high/severe in the CVSS metrics. ...

CVE-2021-37163

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded...

CVE-2021-37167

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using the default credentials can gain root access to the device, which provides permissions for all of t...

CVE-2021-37167

CVE-2021-37167 affects the HMI3 Control Panel in Swisslog Healthcare Nexus Panel, specifically released builds prior to Nexus Software 7.2.5.7. An insecure permissions issue allows a user who logs in with default credentials to gain root access to the device, granting full control over device fun...

CVE-2021-37166

CVE-2021-37166 affects Swisslog Healthcare Nexus Panel (HMI3 Control Panel). The issue is a buffer/connection handling vulnerability that occurs during startup when the HMI3 binds a local service to a TCP port on all interfaces and waits a long time for the GUI to connect, enabling an external at...