PT-2021-20352 · B. Braun · B. Braun Spacecom2

Published

2021-08-25

Updated

2022-07-12

CVE-2021-33885

CVSS v3.1

Critical

Vector

AC:L/AV:N/A:N/C:H/I:H/PR:N/S:C/UI:N

Name of the Vulnerable Software and Affected Versions: B. Braun SpaceCom2 versions prior to 012U000062

Description: The issue is related to insufficient verification of data authenticity, allowing a remote unauthenticated attacker to send malicious data to the device. This malicious data is then used in place of the correct data, resulting in full system command access and execution due to the lack of cryptographic signatures on critical data sets.

Recommendations: For versions prior to 012U000062, update to version 012U000062 or later to resolve the issue. As a temporary workaround, consider restricting access to the device to minimize the risk of exploitation.

Exploit

Fix

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347

Related Identifiers

CVE-2021-33885

Affected Products

B. Braun Spacecom2

PT-2021-20352 · B. Braun · B. Braun Spacecom2

CVE-2021-33885

Weakness Enumeration

Related Identifiers

Affected Products

References · 7