7.6
CVE-2020-25166
- EPSS 0.44%
- Veröffentlicht 14.04.2022 21:15:08
- Zuletzt bearbeitet 21.11.2024 05:17:31
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginB. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus
An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bbraun ≫ Datamodule Compactplus Versiona10
Bbraun ≫ Datamodule Compactplus Versiona11
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.44% | 0.351 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 2.8 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
|
| nvd@nist.gov | 7.5 | 8 | 7.8 |
AV:N/AC:L/Au:S/C:N/I:C/A:P
|
| ics-cert@hq.dhs.gov | 7.6 | 2.8 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
|
CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html
https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02