{"containers": {"cna": {"affected": [{"product": "SpaceCom", "vendor": "B. Braun Melsungen AG", "versions": [{"lessThanOrEqual": "U61", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "L81", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Battery pack with Wi-Fi", "vendor": "B. Braun Melsungen AG", "versions": [{"lessThanOrEqual": "U61", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "L81", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Data module compactplus", "vendor": "B. Braun Melsungen AG", "versions": [{"status": "affected", "version": "A10"}, {"status": "affected", "version": "A11"}]}], "credits": [{"lang": "en", "value": "Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices)."}], "descriptions": [{"lang": "en", "value": "A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-759", "description": "CWE-759: Use of a One-Way Hash without a Salt", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-14T20:06:00.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}], "solutions": [{"lang": "en", "value": "B. Braun recommends applying updates:\n\n SpaceCom: Version U62 or later (United States), L82 or later (outside the United States)\n Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States)\n Data module compactplus: Version A12 or later\n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html\n"}], "source": {"discovery": "EXTERNAL"}, "title": "B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus", "workarounds": [{"lang": "en", "value": "As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms:\n\n Ensure the devices are not accessible directly from the Internet.\n Use a firewall and isolate the medical devices from the business network. \n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-25164", "STATE": "PUBLIC", "TITLE": "B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SpaceCom", "version": {"version_data": [{"version_affected": "<=", "version_value": "U61"}, {"version_affected": "<=", "version_value": "L81"}]}}, {"product_name": "Battery pack with Wi-Fi", "version": {"version_data": [{"version_affected": "<=", "version_value": "U61"}, {"version_affected": "<=", "version_value": "L81"}]}}, {"product_name": "Data module compactplus", "version": {"version_data": [{"version_affected": "=", "version_value": "A10"}, {"version_affected": "=", "version_value": "A11"}]}}]}, "vendor_name": "B. Braun Melsungen AG"}]}}, "credit": [{"lang": "eng", "value": "Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices)."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-759: Use of a One-Way Hash without a Salt"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02"}, {"name": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html", "refsource": "CONFIRM", "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}]}, "solution": [{"lang": "en", "value": "B. Braun recommends applying updates:\n\n SpaceCom: Version U62 or later (United States), L82 or later (outside the United States)\n Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States)\n Data module compactplus: Version A12 or later\n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html\n"}], "source": {"discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms:\n\n Ensure the devices are not accessible directly from the Internet.\n Use a firewall and isolate the medical devices from the business network. \n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:26:09.576Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-16T15:54:15.208760Z", "id": "CVE-2020-25164", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T16:29:36.723Z"}}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-25164", "datePublished": "2022-04-14T20:06:00.000Z", "dateReserved": "2020-09-04T00:00:00.000Z", "dateUpdated": "2025-04-16T16:29:36.723Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:26:09.576Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-25164", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-16T15:54:15.208760Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T15:54:17.581Z"}}], "cna": {"title": "B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices)."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "B. Braun Melsungen AG", "product": "SpaceCom", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "U61"}, {"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "L81"}]}, {"vendor": "B. Braun Melsungen AG", "product": "Battery pack with Wi-Fi", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "U61"}, {"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "L81"}]}, {"vendor": "B. Braun Melsungen AG", "product": "Data module compactplus", "versions": [{"status": "affected", "version": "A10"}, {"status": "affected", "version": "A11"}]}], "solutions": [{"lang": "en", "value": "B. Braun recommends applying updates:\n\n SpaceCom: Version U62 or later (United States), L82 or later (outside the United States)\n Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States)\n Data module compactplus: Version A12 or later\n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html\n"}], "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html", "tags": ["x_refsource_CONFIRM"]}], "workarounds": [{"lang": "en", "value": "As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms:\n\n Ensure the devices are not accessible directly from the Internet.\n Use a firewall and isolate the medical devices from the business network. \n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-759", "description": "CWE-759: Use of a One-Way Hash without a Salt"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-04-14T20:06:00.000Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices)."}], "impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, "source": {"discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "U61", "version_affected": "<="}, {"version_value": "L81", "version_affected": "<="}]}, "product_name": "SpaceCom"}, {"version": {"version_data": [{"version_value": "U61", "version_affected": "<="}, {"version_value": "L81", "version_affected": "<="}]}, "product_name": "Battery pack with Wi-Fi"}, {"version": {"version_data": [{"version_value": "A10", "version_affected": "="}, {"version_value": "A11", "version_affected": "="}]}, "product_name": "Data module compactplus"}]}, "vendor_name": "B. Braun Melsungen AG"}]}}, "solution": [{"lang": "en", "value": "B. Braun recommends applying updates:\n\n SpaceCom: Version U62 or later (United States), L82 or later (outside the United States)\n Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States)\n Data module compactplus: Version A12 or later\n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html\n"}], "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02", "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02", "refsource": "CONFIRM"}, {"url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html", "name": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-759: Use of a One-Way Hash without a Salt"}]}]}, "work_around": [{"lang": "en", "value": "As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms:\n\n Ensure the devices are not accessible directly from the Internet.\n Use a firewall and isolate the medical devices from the business network. \n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}], "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-25164", "STATE": "PUBLIC", "TITLE": "B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus", "ASSIGNER": "ics-cert@hq.dhs.gov"}}}}, "cveMetadata": {"cveId": "CVE-2020-25164", "state": "PUBLISHED", "dateUpdated": "2025-04-16T16:29:36.723Z", "dateReserved": "2020-09-04T00:00:00.000Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2022-04-14T20:06:00.000Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bbraun:datamodule_compactplus:a10:*:*:*:*:*:*:*", "matchCriteriaId": "8AB0FE4F-48A0-49E0-B103-41FFFBFD3273", "vulnerable": true}, {"criteria": "cpe:2.3:o:bbraun:datamodule_compactplus:a11:*:*:*:*:*:*:*", "matchCriteriaId": "7CC88FD8-E19A-4C59-97D5-D7979C6B573F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bbraun:datamodule_compactplus:-:*:*:*:*:*:*:*", "matchCriteriaId": "1715E3E2-C648-4439-8EB3-FD036B919B90", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bbraun:spacecom:*:*:*:*:*:*:*:*", "matchCriteriaId": "5872EF69-4FA8-4D1B-8372-AB855C8EB0D2", "versionEndIncluding": "l81", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bbraun:spacecom:-:*:*:*:*:*:*:*", "matchCriteriaId": "0EE9120E-BC31-410E-A371-D0C30EBBFEE5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface."}, {"lang": "es", "value": "Una vulnerabilidad en B. Braun Melsungen AG SpaceCom Versiones L81/U61 y anteriores, y el m\u00f3dulo de Datos compactplus Versiones A10 y A11, permite a atacantes recuperar las credenciales de usuario de la interfaz administrativa"}], "id": "CVE-2020-25164", "lastModified": "2024-11-21T05:17:31.217", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-14T21:15:08.237", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Broken Link"], "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-759"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}

{}