← Back

Hmi 3 Control Panel Firmware

hmi-3_control_panel_firmware

Vendor: Swisslog Healthcare • 8 CVEs

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-37167
1Swisslog Healthcare
1Hmi 3 Control Panel Firmware
Nov 21, 2024
Aug 2, 2021
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using the default credential...Show more
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using the default credentials can gain root access to the device, which provides permissions for all of the functionality of the device.Show less
CVE-2021-37166
1Swisslog Healthcare
1Hmi 3 Control Panel Firmware
Nov 21, 2024
Aug 2, 2021
N/A· v4
7.5 HIGH· v3
7.8 HIGH· v2
A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When HMI3 starts up, i...Show more
A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When HMI3 starts up, it binds a local service to a TCP port on all interfaces of the device, and takes extensive time for the GUI to connect to the TCP socket, allowing the connection to be hijacked by an external attacker.Show less
CVE-2021-37164
1Swisslog Healthcare
1Hmi 3 Control Panel Firmware
Nov 21, 2024
Aug 2, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, the received data is c...Show more
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, the received data is copied to a stack buffer. An off-by-3 condition can occur, resulting in a stack-based buffer overflow.Show less
CVE-2021-37163
1Swisslog Healthcare
1Hmi 3 Control Panel Firmware
Nov 21, 2024
Aug 2, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords tha...Show more
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded.Show less
CVE-2021-37162
1Swisslog Healthcare
1Hmi 3 Control Panel Firmware
Nov 21, 2024
Aug 2, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. If an attacker sends a malformed UDP message, a buf...Show more
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. If an attacker sends a malformed UDP message, a buffer underflow occurs, leading to an out-of-bounds copy and possible remote code execution.Show less
CVE-2021-37161
1Swisslog Healthcare
1Hmi 3 Control Panel Firmware
Nov 21, 2024
Aug 2, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A buffer overflow issue was discovered in the HMI3 Control Panel contained within the Swisslog Healthcare Nexus Panel, operated by released versions of software before Nexus Software 7.2.5.7. A buffer overflow allows an...Show more
A buffer overflow issue was discovered in the HMI3 Control Panel contained within the Swisslog Healthcare Nexus Panel, operated by released versions of software before Nexus Software 7.2.5.7. A buffer overflow allows an attacker to overwrite an internal queue data structure and can lead to remote code execution.Show less
CVE-2021-37160
1Swisslog Healthcare
1Hmi 3 Control Panel Firmware
Nov 21, 2024
Aug 2, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation (e.g., cryptogr...Show more
A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation (e.g., cryptographic signature validation) during a File Upload for a firmware update.Show less
CVE-2021-37165
1Swisslog Healthcare
1Hmi 3 Control Panel Firmware
Nov 21, 2024
Aug 2, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is...Show more
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution.Show less