CVE-2021-33885

Exploit

EPSS 7.95%
Veröffentlicht 25.08.2021 12:15:16
Zuletzt bearbeitet 21.11.2024 06:09:43
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the device malicious data that will be used in place of the correct data. This results in full system command access and execution because of the lack of cryptographic signatures on critical data sets.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bbraun ≫ Spacecom2 Version < 012u000062

Bbraun ≫ Infusomat Large Volume Pump 871305u Version-
Bbraun ≫ Spacestation 8713142u Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	7.95%	0.917

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
cve@mitre.org	10	3.9	5.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-347 Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

https://www.bbraunusa.com/en.htm

Broken Link

https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/mcafee-enterprise-atr-uncovers-vulnerabilities-in-globally-used-b-braun-infusion-pump/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2021-33885

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-33885

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-33885

EUVD