CVE-2020-25168 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module...

CVE-2020-25164 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface...

CVE-2020-25166

CVE-2020-25166 concerns an improper verification of the cryptographic signature for firmware updates in B. Braun SpaceCom devices (SpaceCom, Battery Pack with Wi‑Fi) and Data module compactplus (versions L81/U61 and A10/A11). The root cause is signature verification weakness, allowing attackers t...

CVE-2020-25166 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper...

CVE-2020-25154

CVE-2020-25154 is an open redirect vulnerability in the B. Braun Melsungen AG SpaceCom family (SpaceCom SpaceStation, Battery Pack with Wi‑Fi) and the Data module compactplus (A10/A11). The ICS advisory (ICSMA-20-296-02) confirms a remote, unauthenticated open redirect in the administrative inter...

CVE-2020-25154 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites...

CVE-2020-25162 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges...

CVE-2020-25162 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges...

CVE-2020-25160

CVE-2020-25160 involves improper access controls in B. Braun SpaceCom (versions L81/U61 and earlier), Battery Pack with Wi‑Fi (U61/L81 and earlier), and Data module compactplus (A10/A11). The root cause is improper access control that allows attackers to extract and tamper with the devices’ netwo...

CVE-2020-25160 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

Improper access controls in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enables attackers to extract and tamper with the devices network configuration...

CVE-2020-16238 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user...

CVE-2020-25156 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root...

CVE-2020-25150 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute...

CVE-2020-25150 B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute...