PT-2022-8707 · B. Braun Melsungen AG · Data Module Compactplus +1

Published: 2022-04-14 · Updated: 2022-04-21 · CVE-2020-25166

CVSS v3.1: 7.6 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions

B. Braun Melsungen AG SpaceCom versions L81/U61 and earlier
B. Braun Melsungen AG Data module compactplus versions A10 and A11

Description

The issue is related to an improper verification of the cryptographic signature of firmware updates, allowing attackers to generate valid firmware updates with arbitrary content. This can be used to tamper with devices.

Recommendations

For B. Braun Melsungen AG SpaceCom versions L81/U61 and earlier, update to a version later than L81/U61 to resolve the issue.
For B. Braun Melsungen AG Data module compactplus versions A10 and A11, consider disabling firmware updates until a patch is available.

Fix

Improper Verification of Cryptographic Signature

Weakness Enumeration

Related Identifiers

CVE-2020-25166

Affected Products

Data Module Compactplus
Spacecom