PT-2021-20351 · B. Braun · B. Braun Spacecom2

Published

2021-08-25

Updated

2021-09-01

CVE-2021-33884

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: B. Braun SpaceCom2 versions prior to 012U000062

Description: The issue allows remote attackers to upload any files to the /tmp directory of the device through the webpage API, potentially resulting in critical files being overwritten.

Recommendations: For versions prior to 012U000062, update to version 012U000062 or later to resolve the issue. As a temporary workaround, consider restricting access to the webpage API to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2021-33884

Affected Products

B. Braun Spacecom2

PT-2021-20351 · B. Braun · B. Braun Spacecom2

CVE-2021-33884

Weakness Enumeration

Related Identifiers

Affected Products

References · 6