CVE-2020-25156

B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

CVSS 7.2 HIGHEPSS 1.1%CWE-489

In short

Debug code left active in B. Braun medical devices allows attackers with certain cryptographic keys to gain full control (root access) of the device. This is dangerous because these devices are used in hospitals to manage patient care.

Technical detail

Active debug code in B. Braun SpaceCom (L8/U61) and Data module compactplus (A10, A11) permits unauthenticated root access when cryptographic material is available. Attack vector requires possession of specific cryptographic credentials; impact includes complete device compromise and potential manipulation of medical functionality.

Summary generated and translated by AI from the official description.

Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affected products

B. Braun Melsungen AG · Battery pack with Wi-Fi B. Braun Melsungen AG · Data module compactplus B. Braun Melsungen AG · SpaceCom

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02