Tom Johnston

**Name of the Vulnerable Software and Affected Versions** B.Braun Battery Pack SP with WiFi web server versions L90/U70 and L92/U92 **Description** The issue is related to an improper neutralization of directives in dynamically evaluated code in the WiFi Battery embedded web server. This can be exploited by an authenticated user with access to the medical device WiFi network and the specific B.Braun Battery Pack SP with WiFi web server credentials to gain administrative access to the WiFi communication module. This access could be used as a vector to start further attacks. **Recommendations** For versions L90/U70 and L92/U92, consider disabling access to the WiFi Battery embedded web server until a patch is available to prevent exploitation. Restrict access to the WiFi communication module to minimize the risk of gaining administrative access. Avoid using the WiFi web server credentials for the B.Braun Battery Pack SP until the issue is resolved.