CVE-2020-25150 : What You Need to Know

Learn about CVE-2020-25150, a high severity relative path traversal vulnerability affecting B. Braun Melsungen AG's SpaceCom and Data module compactplus products. Find out the impact, affected systems, exploitation mechanism, and mitigation steps.

A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file, an attacker can execute arbitrary commands.

Understanding CVE-2020-25150

This CVE involves a relative path traversal vulnerability in B. Braun Melsungen AG's SpaceCom and Data module compactplus products.

What is CVE-2020-25150?

The vulnerability allows attackers with service user privileges to upload arbitrary files, potentially leading to the execution of arbitrary commands.

The Impact of CVE-2020-25150

The vulnerability has a CVSS base score of 7.6, which indicates high severity. The primary impact is on integrity, since a successful attack lets the attacker execute commands.

Technical Details of CVE-2020-25150

This section provides more technical insights into the vulnerability.

Vulnerability Description

A relative path traversal attack in B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to upload arbitrary files.

Affected Systems and Versions

        SpaceCom: Versions L81/U61 and earlier
        Data module compactplus: Versions A10 and A11

Exploitation Mechanism

Attackers with service user privileges can exploit the vulnerability by uploading a specially crafted tar file, which results in the execution of arbitrary commands.

Mitigation and Prevention

It is crucial to take immediate steps to address and prevent the exploitation of this vulnerability.

Immediate Steps to Take

        Apply the recommended updates provided by B. Braun for affected products.
        Contact your local B. Braun organization for further assistance.

Long-Term Security Practices

        Protect the network by ensuring devices are not directly accessible from the Internet.
        Use a firewall to isolate medical devices from the business network.

Patching and Updates

        B. Braun recommends applying the following updates:
              SpaceCom: Version U62 or later (United States), L82 or later (outside the United States)
              Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States)
              Data module compactplus: Version A12 or later
