CVE-2021-33885

Опубликовано: 25 авг. 2021

Источник: nvd

CVSS3: 10

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the device malicious data that will be used in place of the correct data. This results in full system command access and execution because of the lack of cryptographic signatures on critical data sets.

Ссылки

https://www.bbraunusa.com/en.htm
Broken Link
https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/mcafee-enterprise-atr-uncovers-vulnerabilities-in-globally-used-b-braun-infusion-pump/
Exploit
Third Party Advisory
https://www.bbraunusa.com/en.htm
Broken Link
https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/mcafee-enterprise-atr-uncovers-vulnerabilities-in-globally-used-b-braun-infusion-pump/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:bbraun:spacecom2:*:*:*:*:*:*:*:*

Версия до 012u000062 (исключая)

Одно из

cpe:2.3:h:bbraun:infusomat_large_volume_pump_871305u:-:*:*:*:*:*:*:*

cpe:2.3:h:bbraun:spacestation_8713142u:-:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.07945

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-347

Связанные уязвимости

GHSA-84xj-78rw-rf33

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 92%

0.07945

Низкий

10 Critical

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-347