Vulnerability CVE-2020-25166


Published: 2022-04-14   Modified: 2022-04-15

Description:
An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices.

Type: CWE-347 (Improper Verification of Cryptographic Signature)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:C/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 7.8/10
Exploitability Subscore: 8/10

Exploit range: Remote
Attack complexity: Low
Authentication: Single time

Confidentiality impact: None
Integrity impact: Complete
Availability impact: Partial

 References:
https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02
https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html

Copyright 2022, cxsecurity.com

 
