PT-2020-6692 · B. Braun Melsungen AG · Data Module Compactplus +1
Birk Kauer +3 · Published 2020-10-22 · Updated 2022-04-21 · CVE-2020-16238
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
B. Braun Melsungen AG SpaceCom versions L81/U61 and earlier
B. Braun Melsungen AG Data module compactplus versions A10 and A11
Description
The issue is related to the configuration import mechanism, which allows attackers with command line access to the underlying Linux system to escalate privileges to the root user. This is due to insecure privilege management in the firmware of the affected medical devices.
Recommendations
For B. Braun Melsungen AG SpaceCom versions L81/U61 and earlier, update to a version later than L81/U61 to resolve the issue.
For B. Braun Melsungen AG Data module compactplus versions A10 and A11, update to a version later than A11 to resolve the issue.
As a temporary workaround, consider restricting command line access to the underlying Linux system to minimize the risk of exploitation.
Fix
Improper Privilege Management
Weakness Enumeration
Related Identifiers
Affected Products
Data Module Compactplus
Spacecom