Vulnerability Details CVE-2020-25168
Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.9%
CVSS Severity
CVSS v3 Score 3.3
CVSS v2 Score 2.1
References
- https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html
- https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02
- https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html
- https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02
Products affected by CVE-2020-25168
-
cpe:2.3:h:bbraun:datamodule_compactplus:-
-
cpe:2.3:h:bbraun:spacecom:-
-
cpe:2.3:o:bbraun:datamodule_compactplus:a10
-
cpe:2.3:o:bbraun:datamodule_compactplus:a11
-
cpe:2.3:o:bbraun:spacecom:*