5 matches found
CVE-2021-33886
CVE-2021-33886 describes an Improper Input Sanitization vulnerability in B. Braun SpaceCom2, allowing remote, unauthenticated attackers on the same network to gain user-level command-line access by passing a raw string to printf. The vulnerability is tied to SpaceCom2 before 012U000062. Connected sources (Red ...
CVE-2021-33885
CVE-2021-33885 is a vulnerability in B. Braun SpaceCom2 before 012U000062 (CWE-345, Insufficient Verification of Data Authenticity). A remote, unauthenticated attacker can send malicious data that is used in place of correct data, enabling full system command access and execution due to the lack ...
CVE-2021-33883
CVE-2021-33883 affects B. Braun SpaceCom2 prior to 012U000062, exposing a cleartext transmission vulnerability that allows remote attackers to snoop network traffic and obtain sensitive data, including pump internal configuration values. Connected documents also describe related issues in SpaceCo...
CVE-2021-33882
CVE-2021-33882 affects B. Braun SpaceCom2 prior to 012U000062 and is a Missing Authentication for Critical Function issue that lets a remote attacker reconfigure the device via unauthenticated commands on the SpaceCom/SpaceStation interface. Public Red Hat/US advisories and the McAfee/Trellix ana...
CVE-2021-33884
CVE-2021-33884 affects B. Braun SpaceCom2 prior to 012U000062 and allows unrestricted upload of files to the device’s /tmp directory via the web API, potentially overwriting critical files. Connected sources also describe mitigations: B. Braun patches (012U000062+ in SpaceCom2) and related adviso...