PT-2022-8698 · B. Braun Melsungen Ag · Data Module Compactplus+1
Birk Kauer +3 · Published 2022-04-14 · Updated 2022-10-21
CVE-2020-25150
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
B. Braun Melsungen AG SpaceCom versions L81/U61 and earlier
B. Braun Melsungen AG Data module compactplus versions A10 and A11
Description
A relative path traversal attack allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file, an attacker can execute arbitrary commands.
Recommendations
For B. Braun Melsungen AG SpaceCom versions L81/U61 and earlier, restrict access to file upload functionality until a fix is available.
For B. Braun Melsungen AG Data module compactplus versions A10 and A11, consider disabling the file upload feature to prevent exploitation.
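The description names the weakness (relative path traversal through an uploaded tar file) but not the check an upload handler needs before unpacking. The following Python is an added example, not B. Braun's code and not part of the original advisory: it lists the members of an archive that would land outside the extraction root, either through `../` in the member name or through a link target. The destination `/upload`, the function names and the sample archive are assumptions constructed for illustration; the advisory does not describe how the affected devices unpack uploads.

```python
import io
import posixpath
import tarfile

DEST = "/upload"  # assumed extraction root (hypothetical, not from the advisory)

def escapes(dest, path):
    """True if dest/path, normalised lexically, falls outside dest."""
    resolved = posixpath.normpath(posixpath.join(dest, path))
    return resolved != dest and not resolved.startswith(dest.rstrip("/") + "/")

def check_member(member, dest=DEST):
    """Return a rejection reason for one tar member, or None if acceptable."""
    if not (member.isfile() or member.isdir() or member.issym() or member.islnk()):
        return "special file type"
    if member.name.startswith("/") or escapes(dest, member.name):
        return "path leaves destination"
    if member.issym():
        # Symlink targets resolve relative to the directory holding the link.
        target = posixpath.join(posixpath.dirname(member.name), member.linkname)
    elif member.islnk():
        target = member.linkname  # hard link targets are relative to the archive root
    else:
        return None
    return "link target leaves destination" if escapes(dest, target) else None

def unsafe_members(archive_bytes, dest=DEST):
    """List (name, reason) for every member that must not be extracted."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        checked = ((m.name, check_member(m, dest)) for m in tar.getmembers())
        return [(name, reason) for name, reason in checked if reason]

def build_sample():
    """Constructed archive: one ordinary file, one '../' name, one escaping symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("config/settings.xml", "../../outside.txt"):
            info = tarfile.TarInfo(name)
            info.size = len(b"constructed")
            tar.addfile(info, io.BytesIO(b"constructed"))
        link = tarfile.TarInfo("config/logs")
        link.type, link.linkname = tarfile.SYMTYPE, "../../tmp"
        tar.addfile(link)
    return buf.getvalue()

if __name__ == "__main__":
    for name, reason in unsafe_members(build_sample()):
        print(f"REJECT {name}: {reason}")
```

The check is purely lexical, so it does not account for symlinks that already exist under the destination directory. On Python versions that support extraction filters, `extractall(filter="data")` applies comparable checks at extraction time.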
Fix
Path traversal
Relative Path Traversal
Related Identifiers
Affected Products
Data Module Compactplus
Spacecom