Описание
An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices.
Ссылки
- Broken Link
- Third Party AdvisoryUS Government Resource
- Broken Link
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:bbraun:datamodule_compactplus:a10:*:*:*:*:*:*:*
cpe:2.3:o:bbraun:datamodule_compactplus:a11:*:*:*:*:*:*:*
cpe:2.3:h:bbraun:datamodule_compactplus:-:*:*:*:*:*:*:*
Конфигурация 2Версия до l81 (включая)
Одновременно
cpe:2.3:o:bbraun:spacecom:*:*:*:*:*:*:*:*
cpe:2.3:h:bbraun:spacecom:-:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00088
Низкий
7.6 High
CVSS3
7.1 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-347
Связанные уязвимости
CVSS3: 7.1
github
почти 4 года назад
An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices.
EPSS
Процентиль: 25%
0.00088
Низкий
7.6 High
CVSS3
7.1 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-347