HIGH✓ PATCH🇬🇧 English

CVE-2020-25166

CVSS 7.6v3.1pub. 2022-04-14upd. 2024-11-21

An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
  • Bbraun Datamodule Compactplus

    OS
    Bbraun
    a10a11
  • Bbraun Spacecom

    OS
    Bbraun
    ≤ l81
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2020-25158HIGH7.6ten sam produkt

A reflected cross-site scripting (XSS) vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and...

CVE-2020-25150HIGH7.6ten sam produkt

A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Da...

CVE-2020-25162HIGH7.5ten sam produkt

A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Dat...

CVE-2020-25156HIGH7.2ten sam produkt

Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versio...

CVE-2020-25164MEDIUM6.5ten sam produkt

A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compact...