Sign-up

ID

VAR-202010-1585


CVE

CVE-2020-25168


TITLE

plural  B. Braun Melsungen  Multiple vulnerabilities in product

Trust: 0.8

sources: JVNDB: JVNDB-2020-009257

DESCRIPTION

Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module. B.Braun Melsungen Multiple products provided by Co., Ltd. contain multiple vulnerabilities listed below. * Reflected cross-site scripting (CWE-79) - CVE-2020-25158 It was * Open redirect (CWE-601) - CVE-2020-25154 It was * XPATH injection (CWE-643) - CVE-2020-25162 It was * Session immobilization (CWE-384) - CVE-2020-25152 It was * Salt Using hash functions without (CWE-759) - CVE-2020-25164 It was * relative path traversal (CWE-23) - CVE-2020-25150 It was * Improper verification of digital signatures (CWE-347) - CVE-2020-25166 It was * Improper authority management (CWE-269) - CVE-2020-16238 It was * Use hard-coded credentials (CWE-798) - CVE-2020-25168 It was * Residual debug code (CWE-489) - CVE-2020-25156 It was * Inappropriate access control (CWE-284) - CVE-2020-25160The expected impact depends on each vulnerability, but it may be affected as follows. It was * by a remote third party for administrative purposes Web Arbitrary scripts or HTML is inserted - CVE-2020-25158 It was * A remote third party redirects the user to a malicious website - CVE-2020-25154 It was * Theft of sensitive information or escalation of privileges by an unauthenticated remote third party - CVE-2020-25162 It was * By a remote third party Web Session stolen or privilege escalation - CVE-2020-25152 It was * A local third party steals user credentials for the administrator interface - CVE-2020-25164 It was * Execute arbitrary commands by uploading a specially crafted file by a remote user - CVE-2020-25150 It was * Malicious firmware that can tamper with the device is generated by a third party with access to the product - CVE-2020-25166 It was * by a third party, from the command line on the underlying Linux After connecting to the system, root elevated to privilege - CVE-2020-16238 It was * Based on the authentication information hard-coded by a third party, the device can be operated from the command line. Wi-Fi connected to the module - CVE-2020-25168 It was * By a remote third party root Connected to the device with authorization - CVE-2020-25156 It was * The network configuration information of the device is stolen or tampered with by a third party - CVE-2020-25160

Trust: 1.71

sources: NVD: CVE-2020-25168 // JVNDB: JVNDB-2020-009257 // VULMON: CVE-2020-25168

IOT TAXONOMY

category:['camera device']sub_category:camera

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:bbraunmodel:spacecomscope:lteversion:l81

Trust: 1.0

vendor:bbraunmodel:datamodule compactplusscope:eqversion:a11

Trust: 1.0

vendor:bbraunmodel:datamodule compactplusscope:eqversion:a10

Trust: 1.0

vendor:ビー ブラウンエースクラップ株式会社model:data module compactplusscope: - version: -

Trust: 0.8

vendor:ビー ブラウンエースクラップ株式会社model:spacecomscope:lteversion:u61 and earlier

Trust: 0.8

vendor:ビー ブラウンエースクラップ株式会社model:battery pack with wi-fiscope: - version: -

Trust: 0.8

vendor:ビー ブラウンエースクラップ株式会社model:spacecomscope:lteversion:l81 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2020-009257 // NVD: CVE-2020-25168

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-25168
value: LOW

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2020-25168
value: LOW

Trust: 1.0

JPCERT/CC: JVNDB-2020-009257
value: LOW

Trust: 0.8

CNNVD: CNNVD-202010-1254
value: LOW

Trust: 0.6

VULMON: CVE-2020-25168
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-25168
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

nvd@nist.gov: CVE-2020-25168
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 2.0

JPCERT/CC: JVNDB-2020-009257
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-25168 // JVNDB: JVNDB-2020-009257 // CNNVD: CNNVD-202010-1254 // NVD: CVE-2020-25168 // NVD: CVE-2020-25168

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [IPA evaluation ]

Trust: 0.8

problemtype: Open redirect (CWE-601) [IPA evaluation ]

Trust: 0.8

problemtype:Xpath injection (CWE-643) [IPA evaluation ]

Trust: 0.8

problemtype: Session immobilization (CWE-384) [IPA evaluation ]

Trust: 0.8

problemtype:Salt Using one-way hash without using (CWE-759) [IPA evaluation ]

Trust: 0.8

problemtype: Relative past traversal (CWE-23) [IPA evaluation ]

Trust: 0.8

problemtype: Improper verification of digital signatures (CWE-347) [IPA evaluation ]

Trust: 0.8

problemtype: Improper authority management (CWE-269) [IPA evaluation ]

Trust: 0.8

problemtype: Use hard-coded credentials (CWE-798) [IPA evaluation ]

Trust: 0.8

problemtype: debug code in active state (CWE-489) [IPA evaluation ]

Trust: 0.8

problemtype: Inappropriate access control (CWE-284) [IPA evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-009257 // NVD: CVE-2020-25168

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202010-1254

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202010-1254

PATCH

title:10/2020 SpaceCom, Battery Pack SP with WiFi, Data module compactplus - multiple vulnerabilitiesurl:https://www.bbraun.com/en/products-and-solutions/temp/b--braun-coordinated-vulnerability-disclosure/security-advisory/spacecom--battery-pack-sp-with-wifi--data-module-compactplus---m0.html

Trust: 0.8

title:Multiple B. Braun Melsungen AG Product security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=131544

Trust: 0.6

sources: JVNDB: JVNDB-2020-009257 // CNNVD: CNNVD-202010-1254

EXTERNAL IDS

db:NVDid:CVE-2020-25168

Trust: 2.6

db:ICS CERTid:ICSMA-20-296-02

Trust: 2.5

db:JVNid:JVNVU94780329

Trust: 0.8

db:JVNid:JVNVU91051134

Trust: 0.8

db:JVNDBid:JVNDB-2020-009257

Trust: 0.8

db:AUSCERTid:ESB-2022.5282

Trust: 0.6

db:AUSCERTid:ESB-2020.3661

Trust: 0.6

db:CNNVDid:CNNVD-202010-1254

Trust: 0.6

db:OTHERid:NONE

Trust: 0.1

db:VULMONid:CVE-2020-25168

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-25168 // JVNDB: JVNDB-2020-009257 // CNNVD: CNNVD-202010-1254 // NVD: CVE-2020-25168

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02

Trust: 1.7

url:https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html

Trust: 1.7

url:https://us-cert.cisa.gov/ics/advisories/icsma-20-296-02

Trust: 1.4

url:https://jvn.jp/vu/jvnvu94780329/

Trust: 0.8

url:https://jvn.jp/vu/jvnvu91051134/index.html

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2020-25168/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5282

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3661/

Trust: 0.6

url:https://ieeexplore.ieee.org/abstract/document/10769424

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/798.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: OTHER: None // VULMON: CVE-2020-25168 // JVNDB: JVNDB-2020-009257 // CNNVD: CNNVD-202010-1254 // NVD: CVE-2020-25168

SOURCES

db:OTHERid: -
db:VULMONid:CVE-2020-25168
db:JVNDBid:JVNDB-2020-009257
db:CNNVDid:CNNVD-202010-1254
db:NVDid:CVE-2020-25168

LAST UPDATE DATE

2025-01-30T19:38:59.735000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2020-25168date:2022-04-21T00:00:00
db:JVNDBid:JVNDB-2020-009257date:2022-10-24T05:45:00
db:CNNVDid:CNNVD-202010-1254date:2022-10-24T00:00:00
db:NVDid:CVE-2020-25168date:2022-04-21T18:17:15.667

SOURCES RELEASE DATE

db:VULMONid:CVE-2020-25168date:2022-04-14T00:00:00
db:JVNDBid:JVNDB-2020-009257date:2020-10-27T00:00:00
db:CNNVDid:CNNVD-202010-1254date:2020-10-22T00:00:00
db:NVDid:CVE-2020-25168date:2022-04-14T21:15:08.357