Vulnerability Details CVE-2021-33884
An Unrestricted Upload of File with Dangerous Type vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows remote attackers to upload any files to the /tmp directory of the device through the webpage API. This can result in critical files being overwritten.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 48.0%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 5.0
References
- https://www.bbraunusa.com/en.htm
- https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/mcafee-enterprise-atr-uncovers-vulnerabilities-in-globally-used-b-braun-infusion-pump/
- https://www.bbraunusa.com/en.htm
- https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/mcafee-enterprise-atr-uncovers-vulnerabilities-in-globally-used-b-braun-infusion-pump/
Products affected by CVE-2021-33884
-
cpe:2.3:h:bbraun:infusomat_large_volume_pump_871305u:-
-
cpe:2.3:h:bbraun:spacestation_8713142u:-
-
cpe:2.3:o:bbraun:spacecom2:-