CVE-2020-16238

B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

CVSS 6.7 MEDIUMEPSS 0.2%CWE-269

In short

B. Braun medical device configuration import mechanism allows attackers with command line access to escalate their privileges to root, giving them full control over the system.

Technical detail

CWE-269 (improper privilege management) in configuration import functionality of B. Braun SpaceCom (L81/U61 and earlier) and Data module compactplus (A10-A11) allows local attackers with command line access to escalate privileges to root via the configuration mechanism, bypassing access controls.

Summary generated and translated by AI from the official description.

A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user.

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

B. Braun Melsungen AG · Battery pack with Wi-Fi B. Braun Melsungen AG · Data module compactplus B. Braun Melsungen AG · SpaceCom

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02