11 matches found
CVE-2020-25158
CVE-2020-25158 is a reflected XSS vulnerability affecting B. Braun SpaceCom, Battery Pack with Wi‑Fi, and Data module compactplus (SpaceCom v L81/U61 and earlier; compactplus A10/A11). The ICS advisory details multiple related issues (XSS and other CVEs) and confirms impact when these components ...
CVE-2020-16238
CVE-2020-16238 affects B. Braun SpaceCom/Lx configurations and Data module compactplus (versions L81/U61 and earlier outside US; A10/A11 in compactplus). The root cause is an improper privilege escalation via the configuration import mechanism, enabling attackers with local command‑line access to...
CVE-2020-25162
CVE-2020-25162 is an XPath injection vulnerability affecting B. Braun SpaceCom, Battery Pack SP with Wi‑Fi, and Data module compactplus. Affected software: SpaceCom/L81 (and U61) and Data module compactplus/A10–A11 (non‑US distribution). Root cause per the advisory: improper handling of XPath exp...
CVE-2020-25150
CVE-2020-25150 describes a relative path traversal vulnerability in B. Braun Melsungen AG SpaceCom (versions L81/U61 and earlier) and Data module compactplus (versions A10 and A11). The underlying issue enables attackers with service-user privileges to upload arbitrary files via a crafted tar fil...
CVE-2020-25156
CVE-2020-25156 concerns active debug code in B. Braun SpaceCom (versions L8/U61 and earlier) and Data module compactplus (A10/A11 and earlier) that enables attackers in possession of cryptographic material to gain root access. Connected sources confirm affected products and versions, with remediation updates rele...
CVE-2020-25166
CVE-2020-25166 concerns an improper verification of the cryptographic signature for firmware updates in B. Braun SpaceCom devices (SpaceCom, Battery Pack with Wi‑Fi) and Data module compactplus (versions L81/U61 and A10/A11). The root cause is signature verification weakness, allowing attackers t...
CVE-2020-25154
CVE-2020-25154 is an open redirect vulnerability in the B. Braun Melsungen AG SpaceCom family (SpaceCom SpaceStation, Battery Pack with Wi‑Fi) and the Data module compactplus (A10/A11). The ICS advisory (ICSMA-20-296-02) confirms a remote, unauthenticated open redirect in the administrative inter...
CVE-2020-25164
CVE-2020-25164 affects B. Braun SpaceCom (L81/U61 and earlier) and Data module compactplus (A10/A11). Root cause: use of a one-way hash without a salt, enabling attackers with local access to recover administrative credentials. Impact: unauthorized access to the administrative interface. Affected...
CVE-2020-25168
Hard-coded credentials in B. Braun SpaceCom and Data module compactplus (L81/U61 and A10/A11) enable attackers with command-line access to reach the device’s Wi‑Fi module. Affected: SpaceCom, Battery Pack with Wi‑Fi, Data module compactplus. Remediation: software updates released by B. Braun (US/...
CVE-2020-25160
CVE-2020-25160 involves improper access controls in B. Braun SpaceCom (versions L81/U61 and earlier), Battery Pack with Wi‑Fi (U61/L81 and earlier), and Data module compactplus (A10/A11). The root cause is improper access control that allows attackers to extract and tamper with the devices’ netwo...
CVE-2020-25152
CVE-2020-25152 is a session fixation vulnerability in B. Braun SpaceCom administrative interface and the Data module compactplus. Affected: SpaceCom software versions L81/U61 and earlier (outside US) and SpaceCom 2; Data module compactplus versions A10 and A11. Root cause: session fixation that c...