Vulnerability Details CVE-2020-25152
A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.0%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 5.8
References
- https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html
- https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02
- https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html
- https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02
Products affected by CVE-2020-25152
-
cpe:2.3:h:bbraun:datamodule_compactplus:-
-
cpe:2.3:h:bbraun:spacecom:-
-
cpe:2.3:o:bbraun:datamodule_compactplus:a10
-
cpe:2.3:o:bbraun:datamodule_compactplus:a11
-
cpe:2.3:o:bbraun:spacecom:*