CVE-2020-16238

EPSS 0.08%
Veröffentlicht 14.04.2022 21:15:07
Zuletzt bearbeitet 21.11.2024 05:07:00
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bbraun ≫ Datamodule Compactplus Versiona10

Bbraun ≫ Datamodule Compactplus Version-

Bbraun ≫ Datamodule Compactplus Versiona11

Bbraun ≫ Datamodule Compactplus Version-

Bbraun ≫ Spacecom Version <= l81

Bbraun ≫ Spacecom Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.237

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C
ics-cert@hq.dhs.gov	6.7	0.8	5.9	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html

Broken Link

https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2020-16238

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-16238

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-16238

EUVD