CVE-2021-33884

Published: Aug 25, 2021Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

An Unrestricted Upload of File with Dangerous Type vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows remote attackers to upload any files to the /tmp directory of the device through the webpage API. This can result in critical files being overwritten.

Affected (1)

Products: Bbraun: Spacecom2

1 product

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Bbraun Spacecom2	Before 012u000062

Running on/with	Platform Versions
Bbraun Infusomat Large Volume Pump 871305u	All versions
Bbraun Spacestation 8713142u	All versions

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://www.bbraunusa.com/en.htm

Source: cve@mitre.org

Broken Link

https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/mcafee-enterprise-atr-uncovers-vulnerabilities-in-globally-used-b-braun-infusion-pump/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.bbraunusa.com/en.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/mcafee-enterprise-atr-uncovers-vulnerabilities-in-globally-used-b-braun-infusion-pump/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.