46 matches found
CVE-2020-25150
A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute...
Code injection
Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root...
Improper access control
Improper access controls in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enables attackers to extract and tamper with the devices network configuration...
Input validation
An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper...
Design/Logic Flaw
A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface...
Path traversal
A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute...
Open redirect
An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites...
Hardcoded credentials
Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module...
Design/Logic Flaw
A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges...
CVE-2020-25168
Hard-coded credentials in B. Braun SpaceCom and Data module compactplus (L81/U61 and A10/A11) enable attackers with command-line access to reach the device’s Wi‑Fi module. Affected: SpaceCom, Battery Pack with Wi‑Fi, Data module compactplus. Remediation: software updates released by B. Braun (US/...
CVE-2020-25164 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface...
CVE-2020-25168 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module...
CVE-2020-25164
CVE-2020-25164 affects B. Braun SpaceCom (L81/U61 and earlier) and Data module compactplus (A10/A11). Root cause: use of a one-way hash without a salt, enabling attackers with local access to recover administrative credentials. Impact: unauthorized access to the administrative interface. Affected...
CVE-2020-25166
CVE-2020-25166 concerns an improper verification of the cryptographic signature for firmware updates in B. Braun SpaceCom devices (SpaceCom, Battery Pack with Wi‑Fi) and Data module compactplus (versions L81/U61 and A10/A11). The root cause is signature verification weakness, allowing attackers t...
CVE-2020-25166 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper...
CVE-2020-25154
CVE-2020-25154 is an open redirect vulnerability in the B. Braun Melsungen AG SpaceCom family (SpaceCom SpaceStation, Battery Pack with Wi‑Fi) and the Data module compactplus (A10/A11). The ICS advisory (ICSMA-20-296-02) confirms a remote, unauthenticated open redirect in the administrative inter...
CVE-2020-25154 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites...
CVE-2020-25162 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges...
CVE-2020-25162 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges...
CVE-2020-25152 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges...