CVE-2021-37166

Name of the Vulnerable Software and Affected Versions Swisslog Healthcare Nexus Panel versions prior to 7.2.5.7

Description A buffer overflow issue leading to denial of service was discovered in the HMI3 Control Panel. When HMI3 starts up, it binds a local service to a TCP port on all interfaces of the device, and takes extensive time for the GUI to connect to the TCP socket, allowing the connection to be hijacked by an external attacker.

Recommendations For versions prior to 7.2.5.7, update to version 7.2.5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the TCP port used by the HMI3 Control Panel to minimize the risk of exploitation.