Vulnerability Details : CVE-2020-25166
An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices.
Products affected by CVE-2020-25166
- cpe:2.3:o:bbraun:datamodule_compactplus:a10:*:*:*:*:*:*:*
- cpe:2.3:o:bbraun:datamodule_compactplus:a11:*:*:*:*:*:*:*
- cpe:2.3:o:bbraun:spacecom:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-25166
- 0.07%: Probability of exploitation activity in the next 30 days
- ~ 30 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-25166
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:S/C:N/I:C/A:P | 8.0 | 7.8 | NIST | |
7.6 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L | 2.8 | 4.7 | ICS-CERT | |
7.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L | 2.8 | 4.2 | NIST | |
CWE ids for CVE-2020-25166
- The product does not verify, or incorrectly verifies, the cryptographic signature for data. Assigned by: ics-cert@hq.dhs.gov (Primary)
References for CVE-2020-25166
- https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02
  B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus | CISA (Third Party Advisory; US Government Resource)
- https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html
  404 Page not found (Broken Link)