github - ghsa-qxgr-6j8v-x3cr

GHSA-QXGR-6J8V-X3CR

Vulnerability from github – Published: 2022-04-15 00:00 – Updated: 2022-04-22 00:00

Details

A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands.

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-25150"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-23"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-04-14T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands.",
  "id": "GHSA-qxgr-6j8v-x3cr",
  "modified": "2022-04-22T00:00:47Z",
  "published": "2022-04-15T00:00:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25150"
    },
    {
      "type": "WEB",
      "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2020-25150 (GCVE-0-2020-25150)

Vulnerability from cvelistv5 – Published: 2022-04-14 20:05 – Updated: 2025-04-16 16:30

Summary

Severity ?

7.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

CWE

CWE-23 - Relative Path Traversal

Assigner

icscert

References

URL

Tags

	https://www.cisa.gov/uscert/ics/advisories/icsma-…	x_refsource_CONFIRM
	https://www.bbraun.com/en/products-and-therapies/…	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

B. Braun Melsungen AG

SpaceCom

Affected: unspecified , ≤ U61 (custom)
Affected: unspecified , ≤ L81 (custom)

	B. Braun Melsungen AG	Battery pack with Wi-Fi	Affected: unspecified , ≤ U61 (custom) Affected: unspecified , ≤ L81 (custom)
	B. Braun Melsungen AG	Data module compactplus	Affected: A10 Affected: A11

Credits

Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices).

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:26:09.495Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-25150",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-16T15:54:38.970393Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-16T16:30:32.103Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SpaceCom",
          "vendor": "B. Braun Melsungen AG",
          "versions": [
            {
              "lessThanOrEqual": "U61",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "L81",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Battery pack with Wi-Fi",
          "vendor": "B. Braun Melsungen AG",
          "versions": [
            {
              "lessThanOrEqual": "U61",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "L81",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Data module compactplus",
          "vendor": "B. Braun Melsungen AG",
          "versions": [
            {
              "status": "affected",
              "version": "A10"
            },
            {
              "status": "affected",
              "version": "A11"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices)."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-23",
              "description": "CWE-23: Relative Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-14T20:05:52.000Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "B. Braun recommends applying updates:\n\n    SpaceCom: Version U62 or later (United States), L82 or later (outside the United States)\n    Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States)\n    Data module compactplus: Version A12 or later\n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory.  https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html\n"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus",
      "workarounds": [
        {
          "lang": "en",
          "value": "As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms:\n\n    Ensure the devices are not accessible directly from the Internet.\n    Use a firewall and isolate the medical devices from the business network. \n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory.  https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-25150",
          "STATE": "PUBLIC",
          "TITLE": "B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SpaceCom",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "U61"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "L81"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Battery pack with Wi-Fi",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "U61"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "L81"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Data module compactplus",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "A10"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "A11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "B. Braun Melsungen AG"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices)."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-23: Relative Path Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02",
              "refsource": "CONFIRM",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02"
            },
            {
              "name": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html",
              "refsource": "CONFIRM",
              "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "B. Braun recommends applying updates:\n\n    SpaceCom: Version U62 or later (United States), L82 or later (outside the United States)\n    Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States)\n    Data module compactplus: Version A12 or later\n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory.  https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html\n"
          }
        ],
        "source": {
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms:\n\n    Ensure the devices are not accessible directly from the Internet.\n    Use a firewall and isolate the medical devices from the business network. \n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory.  https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-25150",
    "datePublished": "2022-04-14T20:05:52.000Z",
    "dateReserved": "2020-09-04T00:00:00.000Z",
    "dateUpdated": "2025-04-16T16:30:32.103Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-QXGR-6J8V-X3CR

CVE-2020-25150 (GCVE-0-2020-25150)

Tags

Sightings

Nomenclature