CVE-2021-33885

Published: Aug 25, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An Insufficient Verification of Data Authenticity vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to send the device malicious data that will be used in place of the correct data. This results in full system command access and execution because of the lack of cryptographic signatures on critical data sets.

Affected (1)

Products: Bbraun: Spacecom2

1 product

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Bbraun Spacecom2	Before 012u000062

Running on/with	Platform Versions
Bbraun Infusomat Large Volume Pump 871305u	All versions
Bbraun Spacestation 8713142u	All versions

Related CWEs

Improper Verification of Cryptographic Signature

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

References (4)

https://www.bbraunusa.com/en.htm

Source: cve@mitre.org

Broken Link

https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/mcafee-enterprise-atr-uncovers-vulnerabilities-in-globally-used-b-braun-infusion-pump/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.bbraunusa.com/en.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/mcafee-enterprise-atr-uncovers-vulnerabilities-in-globally-used-b-braun-infusion-pump/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.