CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-37160

A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation (e.g., cryptographic signature validation) during a File Upload for a firmware update.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.02

EPSS Ranking 83.3%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://www.armis.com/PwnedPiper
https://www.swisslog-healthcare.com
https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37160-bulletin---no-firmware-update-validation.pdf?rev=c7f94647037c4007992e2e626d445561&hash=E89531490070A809FB74994018BA1248
https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20
https://www.armis.com/PwnedPiper
https://www.swisslog-healthcare.com
https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37160-bulletin---no-firmware-update-validation.pdf?rev=c7f94647037c4007992e2e626d445561&hash=E89531490070A809FB74994018BA1248
https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20

Products affected by CVE-2021-37160

Swisslog-Healthcare » Hmi-3 Control Panel » Version: N/A

cpe:2.3:h:swisslog-healthcare:hmi-3_control_panel:-
Swisslog-Healthcare » Hmi-3 Control Panel Firmware » Version: Any

cpe:2.3:o:swisslog-healthcare:hmi-3_control_panel_firmware:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-37160

Products

Pricing

Contact Us