Vulnerability CVE-2020-25166
Published: 2022-04-14

Description:
An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices.

Type:

CWE-347

 (Improper Verification of Cryptographic Signature)

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:C/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
7.8/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Complete
Partial

 References:
https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02
https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html
Copyright 2024, cxsecurity.com

 

Back to Top