CVE-2020-25152

B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

CVSS 6.5 MEDIUM | EPSS 1.2% | CWE-384
In short

A session fixation flaw in B. Braun medical device administrative interfaces allows attackers to hijack user web sessions, gaining unauthorized access and control over the device.

Technical detail

A session fixation vulnerability in the administrative interfaces of B. Braun SpaceCom (≤L81/U61) and Data module compactplus (A10, A11) permits unauthenticated remote attackers to hijack web sessions, enabling privilege escalation and unauthorized administrative access.

Summary generated and translated by AI from the official description.
A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
