CVE-2017-6018 - OpenCVE

An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bbraun	Spacestation Station Firmware

Configuration 1 [-]

AND

cpe:2.3:o:bbraun:station_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bbraun:spacestation:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2017-06-30T02:35:00

Updated: 2024-08-05T15:18:49.550Z

Reserved: 2017-02-16T00:00:00

Link: CVE-2017-6018

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-06-30T03:29:00.267

Modified: 2019-10-09T23:28:33.870

Link: CVE-2017-6018

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "B. Braun Medical SpaceCom", "vendor": "n/a", "versions": [{"status": "affected", "version": "B. Braun Medical SpaceCom"}]}], "datePublic": "2017-06-29T00:00:00", "descriptions": [{"lang": "en", "value": "An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T02:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-6018", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "B. Braun Medical SpaceCom", "version": {"version_data": [{"version_value": "B. Braun Medical SpaceCom"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-601"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:18:49.550Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-6018", "datePublished": "2017-06-30T02:35:00", "dateReserved": "2017-02-16T00:00:00", "dateUpdated": "2024-08-05T15:18:49.550Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bbraun:station_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E894122-0F6B-4A60-BA71-BC9B03A3CAA1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bbraun:spacestation:-:*:*:*:*:*:*:*", "matchCriteriaId": "B457DA3F-190E-450C-97B3-8523BC563391", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input."}, {"lang": "es", "value": "Se detect\u00f3 un problema de redireccionamiento abierto en el m\u00f3dulo SpaceCom de B. Braun Medical, que est\u00e1 integrado en la estaci\u00f3n de acoplamiento SpaceStation: m\u00f3dulo SpaceStation with SpaceCom (integrado como n\u00famero de parte 8713142U), versiones de software anteriores a 012U000040 y SpaceStation (n\u00famero de parte 8713140U) con m\u00f3dulo SpaceCom instalado (n\u00famero de parte 8713160U), versiones de software anteriores a 012U000040. El servidor web del producto afectado acepta entradas no seguras, lo que podr\u00eda permitir a atacantes redireccionar la petici\u00f3n a una direcci\u00f3n URL no deseada contenida en una entrada no segura."}], "id": "CVE-2017-6018", "lastModified": "2019-10-09T23:28:33.870", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-30T03:29:00.267", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}