Risk | High |
Patch available | YES |
Number of vulnerabilities | 5 |
CVE-ID | CVE-2021-33886, CVE-2021-33885, CVE-2021-33882, CVE-2021-33883, CVE-2021-33884 |
CWE-ID | CWE-20, CWE-345, CWE-306, CWE-319, CWE-434 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | Data module compactPlus (Hardware solutions / Medical equipment); SpaceStation with SpaceCom 2 (Hardware solutions / Medical equipment); Battery pack SP with Wi-Fi (Hardware solutions / Medical equipment) |
Vendor | B. Braun Melsungen AG |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
EUVDB-ID: #VU56076
Risk: Medium
CVSSv4.0: 6.2 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-33886
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient validation of user-supplied input. The device passes a raw external string straight through to printf statements, which lets a remote attacker on the local network gain user-level command-line access.
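The printf flaw described above for CVE-2021-33886, shown as an added C example (not the vendor's code): the hardened logger keeps the format string constant, and a small checker counts conversion directives in untrusted text so that such input can be flagged. The names `log_external` and `count_format_directives` and the sample string are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Count printf conversion directives in untrusted text ("%%" is a literal
 * percent and is not counted). A non-zero result on a field that should be
 * plain data is worth logging as a possible format-string probe. */
size_t count_format_directives(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent, skip both characters */
            s++;
            continue;
        }
        if (s[1] != '\0')
            n++;
    }
    return n;
}

/* Hardened logging: the format string is a constant and the external string
 * is passed only as a %s argument, so directives inside it are never
 * interpreted. Returns what snprintf returns.
 *
 * The vulnerable pattern this replaces is:
 *     snprintf(out, cap, external);    (external text used as the format)
 */
int log_external(char *out, size_t cap, const char *external)
{
    return snprintf(out, cap, "rx: %s", external);
}

int main(void)
{
    /* Constructed sample input, not taken from the advisory. */
    const char *sample = "pump-7 %x %x 100%%";
    char line[64];

    log_external(line, sizeof line, sample);
    printf("%s (directives seen: %zu)\n", line, count_format_directives(sample));
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang warn on the vulnerable pattern, where a non-literal string is used as the format.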
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Data module compactPlus: A10 - A11
SpaceStation with SpaceCom 2: L81
Battery pack SP with Wi-Fi: L81
http://ics-cert.us-cert.gov/advisories/icsma-21-294-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU56077
Risk: High
CVSSv4.0: 8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2021-33885
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to insufficient verification of data authenticity. Because critical data sets lack cryptographic signatures, a remote attacker can send specially crafted data to the device, leading to execution.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Data module compactPlus: A10 - A11
SpaceStation with SpaceCom 2: L81
Battery pack SP with Wi-Fi: L81
http://ics-cert.us-cert.gov/advisories/icsma-21-294-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU56078
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-33882
CWE-ID:
CWE-306 - Missing Authentication for Critical Function
Exploit availability: No
Description
The vulnerability allows a remote attacker to bypass the authentication process.
The vulnerability exists due to a lack of authentication on proprietary networking commands. A remote attacker can reconfigure the device from an unknown source.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Data module compactPlus: A10 - A11
SpaceStation with SpaceCom 2: L81
Battery pack SP with Wi-Fi: L81
http://ics-cert.us-cert.gov/advisories/icsma-21-294-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU56079
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-33883
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information. A remote attacker can obtain sensitive information by snooping the network traffic.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Data module compactPlus: A10 - A11
SpaceStation with SpaceCom 2: L81
Battery pack SP with Wi-Fi: L81
http://ics-cert.us-cert.gov/advisories/icsma-21-294-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU56080
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-33884
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to insufficient validation of files during file upload. A remote attacker can upload any files to the /tmp directory of the device through the webpage API.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
Data module compactPlus: A10 - A11
SpaceStation with SpaceCom 2: L81
Battery pack SP with Wi-Fi: L81
http://ics-cert.us-cert.gov/advisories/icsma-21-294-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.