CVE-2021-37164

Name of the Vulnerable Software and Affected Versions Swisslog Healthcare Nexus Panel versions prior to 7.2.5.7

Description A buffer overflow issue was discovered in the HMI3 Control Panel. The issue occurs in the tcpTxThread function, where received data is copied to a stack buffer, potentially leading to a stack-based buffer overflow due to an off-by-3 condition. This buffer overflow allows an attacker to overwrite an internal queue data structure and can lead to remote code execution.

Recommendations For versions prior to 7.2.5.7, update to version 7.2.5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the tcpTxThread function until a patch is available.