PT-2021-21540 · Swisslog · Swisslog Healthcare Nexus Panel

Published

2021-08-02

Updated

2022-07-12

CVE-2021-37160

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Swisslog Healthcare Nexus Panel versions prior to 7.2.5.7

Description A firmware validation issue was discovered in the HMI3 Control Panel. The issue arises from the lack of firmware validation, such as cryptographic signature validation, during a file upload for a firmware update.

Recommendations For versions prior to 7.2.5.7, update to version 7.2.5.7 or later to resolve the issue. As a temporary workaround, consider restricting file uploads for firmware updates until the update is applied.

Fix

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347

Related Identifiers

CVE-2021-37160

Affected Products

Swisslog Healthcare Nexus Panel

PT-2021-21540 · Swisslog · Swisslog Healthcare Nexus Panel

CVE-2021-37160

Weakness Enumeration

Related Identifiers

Affected Products

References · 10