Today the CISA NCCIC-ICS published two medical device security advisories for products from B. Braun Melsungen AG.
SpaceCom Advisory X
This advisory describes eleven vulnerabilities in the B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus products. The vulnerabilities were reported by Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research, and Dr. Oliver Matula of ERNW Enno Rey Netzwerke via the German Federal Office for Information Security (BSI). B. Braun has updates that mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.
The eleven reported vulnerabilities are:
• Cross-site scripting - CVE-2020-25158,
• Open redirect - CVE-2020-25154,
• XPath injection - CVE-2020-25162,
• Session fixation - CVE-2020-25152,
• Use of one-way hash without a salt
- CVE-2020-25164,
• Relative path traversal - CVE-2020-25150,
• Improper verification of
cryptographic signature - CVE-2020-25166,
• Improper privilege management - CVE-2020-16238,
• Use of hard-coded credentials - CVE-2020-25168,
• Active debug code - CVE-2020-25156,
and
• Improper access control - CVE-2020-25160
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit these vulnerabilities to allow an attacker to compromise the security of the Space or compactplus communication devices, allowing an attacker to escalate privileges, view sensitive information, upload arbitrary files, and perform remote code execution.
OnlineSuite Advisory
This advisory describes three vulnerabilities in the B. Braun OnlineSuite product. The vulnerabilities were reported by the same researchers mentioned in the first advisory. B. Braun has an update that mitigates the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.
The three reported vulnerabilities are:
• Relative path traversal - CVE-2020-25172,
• Uncontrolled search path element
- CVE-2020-25174,
• Improper neutralization of formula elements in a CSV file - CVE-2020-25170
NCCIC-ICS reports that a relatively low-skilled attacker could remotely exploit the vulnerabilities to allow an attacker to escalate privileges, download and upload arbitrary files, and perform remote code execution.
NOTE: Neither of the company advisories are listed on the US
web site for B. Braun.
No comments:
Post a Comment