Vulnerability Details : CVE-2023-0888
An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B.Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication module. This could be used as a vector to start further attacks.
Products affected by CVE-2023-0888
- cpe:2.3:o:bbraun:battery-pack_sp_with_wifi_firmware:*:*:*:*:us:*:*:*
- Bbraun » Battery-pack Sp With Wifi Firmware » Global Edition, versions up to and including (<=) 053l000092: cpe:2.3:o:bbraun:battery-pack_sp_with_wifi_firmware:*:*:*:*:global:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-0888
- 0.09%: Probability of exploitation activity in the next 30 days
- ~39%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-0888
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 | NIST | |
4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N | 1.2 | 3.6 | B. Braun SE | |
CWE ids for CVE-2023-0888
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Assigned by: nvd@nist.gov (Primary)
- The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval"). Assigned by: productsecurity@bbraun.com (Secondary)
References for CVE-2023-0888
- https://www.bbraun.com/productsecurity : B. Braun Product Security (Product)
- https://www.bbraunusa.com/productsecurity : B. Braun Product Security (Product)