PT-2021-21545 · Swisslog · Swisslog Healthcare Nexus Panel

Published

2021-08-02

Updated

2021-08-10

CVE-2021-37165

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Swisslog Healthcare Nexus Panel versions prior to 7.2.5.7

Description A buffer overflow issue was discovered in the HMI3 Control Panel. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution.

Recommendations For versions prior to 7.2.5.7, update to version 7.2.5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the HMI TCP socket to minimize the risk of exploitation.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

CVE-2021-37165

Affected Products

Swisslog Healthcare Nexus Panel

PT-2021-21545 · Swisslog · Swisslog Healthcare Nexus Panel

CVE-2021-37165

Weakness Enumeration

Related Identifiers

Affected Products

References · 12