9.8
CVE-2021-37160
- EPSS 8.23%
- Veröffentlicht 02.08.2021 13:15:07
- Zuletzt bearbeitet 21.11.2024 06:14:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginA firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation (e.g., cryptographic signature validation) during a File Upload for a firmware update.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Swisslog-healthcare ≫ Hmi-3 Control Panel Firmware Version < 7.2.5.7
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.23% | 0.942 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.
https://www.armis.com/PwnedPiper
https://www.swisslog-healthcare.com
https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20
https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37160-bulletin---no-firmware-update-validation.pdf?rev=c7f94647037c4007992e2e626d445561&hash=E89531490070A809FB74994018BA1248