ID

VAR-201706-0454


CVE

CVE-2017-6018


TITLE

B. Braun SpaceCom Module Open redirection vulnerability

Trust: 0.8

sources: IVD: ba0beade-70f9-49d8-81ed-8e81d4c51fc7 // CNVD: CNVD-2017-10575

DESCRIPTION

An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input. The B. Braun Medical SpaceCom module contains an open redirect vulnerability. Information may be obtained and information may be altered. B. Braun SpaceCom Module is a product used to facilitate the exchange of medical system information; it is used to connect hospital network systems and external clinical systems and to input data, medical history and service information to connected workstations. An attacker could exploit the vulnerability by posting a specially crafted URI and instructing the user to click it, redirecting the user to an attacker-controlled website and enabling a phishing attack. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. Versions prior to SpaceCom module 012U000040 are vulnerable. B. Braun Medical SpaceCom module is a product communication module of B. Braun Medical Company in the United States. An attacker can redirect users to arbitrary URLs.

Trust: 2.7

sources: NVD: CVE-2017-6018 // JVNDB: JVNDB-2017-006073 // CNVD: CNVD-2017-10575 // BID: 98624 // IVD: ba0beade-70f9-49d8-81ed-8e81d4c51fc7 // VULHUB: VHN-114221

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: ba0beade-70f9-49d8-81ed-8e81d4c51fc7 // CNVD: CNVD-2017-10575

AFFECTED PRODUCTS

vendor: bbraun, model: station, scope: eq, version: -

Trust: 1.6

vendor: b, model: braun spacecom module, scope: eq, version: 0

Trust: 0.9

vendor: b brown a scrap, model: spacestation software, scope: lt, version: 012u000040

Trust: 0.8

vendor: b, model: braun spacecom module 012u000040, scope: ne, version: -

Trust: 0.3

vendor: station, model: -, scope: eq, version: -

Trust: 0.2

sources: IVD: ba0beade-70f9-49d8-81ed-8e81d4c51fc7 // CNVD: CNVD-2017-10575 // BID: 98624 // JVNDB: JVNDB-2017-006073 // CNNVD: CNNVD-201702-594 // NVD: CVE-2017-6018

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-6018
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-6018
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-10575
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201702-594
value: MEDIUM

Trust: 0.6

IVD: ba0beade-70f9-49d8-81ed-8e81d4c51fc7
value: MEDIUM

Trust: 0.2

VULHUB: VHN-114221
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-6018
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-10575
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: ba0beade-70f9-49d8-81ed-8e81d4c51fc7
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-114221
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-6018
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: IVD: ba0beade-70f9-49d8-81ed-8e81d4c51fc7 // CNVD: CNVD-2017-10575 // VULHUB: VHN-114221 // JVNDB: JVNDB-2017-006073 // CNNVD: CNNVD-201702-594 // NVD: CVE-2017-6018

PROBLEMTYPE DATA

problemtype:CWE-601

Trust: 1.9

sources: VULHUB: VHN-114221 // JVNDB: JVNDB-2017-006073 // NVD: CVE-2017-6018

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201702-594

TYPE

Input validation error

Trust: 1.1

sources: IVD: ba0beade-70f9-49d8-81ed-8e81d4c51fc7 // BID: 98624 // CNNVD: CNNVD-201702-594

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006073

PATCH

title: B. Braun SpaceCom, url: https://www.bbraun.com/en/products/b/b-braun-spacecom.html

Trust: 0.8

title: B. Braun SpaceCom Module Open Redirection Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/95388

Trust: 0.6

title: B.Braun Medical SpaceCom Fixes for module input validation error vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100375

Trust: 0.6

sources: CNVD: CNVD-2017-10575 // JVNDB: JVNDB-2017-006073 // CNNVD: CNNVD-201702-594

EXTERNAL IDS

db: NVD, id: CVE-2017-6018

Trust: 3.6

db: ICS CERT, id: ICSMA-17-082-02

Trust: 2.8

db: BID, id: 98624

Trust: 1.0

db: CNNVD, id: CNNVD-201702-594

Trust: 0.9

db: CNVD, id: CNVD-2017-10575

Trust: 0.8

db: JVNDB, id: JVNDB-2017-006073

Trust: 0.8

db: IVD, id: BA0BEADE-70F9-49D8-81ED-8E81D4C51FC7

Trust: 0.2

db: VULHUB, id: VHN-114221

Trust: 0.1

sources: IVD: ba0beade-70f9-49d8-81ed-8e81d4c51fc7 // CNVD: CNVD-2017-10575 // VULHUB: VHN-114221 // BID: 98624 // JVNDB: JVNDB-2017-006073 // CNNVD: CNNVD-201702-594 // NVD: CVE-2017-6018

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsma-17-082-02

Trust: 2.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6018

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-6018

Trust: 0.8

url:http://www.securityfocus.com/bid/98624

Trust: 0.6

url:http://www.bbraun.co.in/cps/rde/xchg/cw-bbraun-hi-in/hs.xsl/products.html?prid=prid00001838

Trust: 0.3

sources: CNVD: CNVD-2017-10575 // VULHUB: VHN-114221 // BID: 98624 // JVNDB: JVNDB-2017-006073 // CNNVD: CNNVD-201702-594 // NVD: CVE-2017-6018

CREDITS

Marc Ruef and Rocco Gagliardi of scip AG.

Trust: 0.3

sources: BID: 98624

SOURCES

db: IVD, id: ba0beade-70f9-49d8-81ed-8e81d4c51fc7
db: CNVD, id: CNVD-2017-10575
db: VULHUB, id: VHN-114221
db: BID, id: 98624
db: JVNDB, id: JVNDB-2017-006073
db: CNNVD, id: CNNVD-201702-594
db: NVD, id: CVE-2017-6018

LAST UPDATE DATE

2025-04-20T23:27:23.764000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-10575, date: 2017-06-22T00:00:00
db: VULHUB, id: VHN-114221, date: 2019-10-09T00:00:00
db: BID, id: 98624, date: 2017-05-23T00:00:00
db: JVNDB, id: JVNDB-2017-006073, date: 2017-08-17T00:00:00
db: CNNVD, id: CNNVD-201702-594, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-6018, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD, id: ba0beade-70f9-49d8-81ed-8e81d4c51fc7, date: 2017-06-22T00:00:00
db: CNVD, id: CNVD-2017-10575, date: 2017-06-22T00:00:00
db: VULHUB, id: VHN-114221, date: 2017-06-30T00:00:00
db: BID, id: 98624, date: 2017-05-23T00:00:00
db: JVNDB, id: JVNDB-2017-006073, date: 2017-08-17T00:00:00
db: CNNVD, id: CNNVD-201702-594, date: 2017-02-17T00:00:00
db: NVD, id: CVE-2017-6018, date: 2017-06-30T03:29:00.267