CVE-2020-25166 - Vulnerability Details - OpenCVE

An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Complete

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Bbraun	Datamodule Compactplus Spacecom

Configuration 1 [-]

AND

OR	cpe:2.3:o:bbraun:datamodule_compactplus:a10:::::::*
	cpe:2.3:o:bbraun:datamodule_compactplus:a11:::::::*

cpe:2.3:h:bbraun:datamodule_compactplus:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:bbraun:spacecom:*:*:*:*:*:*:*:*

cpe:2.3:h:bbraun:spacecom:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html
https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02

History

Wed, 16 Apr 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2022-04-14T20:05:59.000Z

Updated: 2025-04-16T16:29:44.744Z

Reserved: 2020-09-04T00:00:00.000Z

Link: CVE-2020-25166

Vulnrichment

Updated: 2024-08-04T15:26:10.204Z

NVD

Status : Modified

Published: 2022-04-14T21:15:08.297

Modified: 2024-11-21T05:17:31.640

Link: CVE-2020-25166

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "SpaceCom", "vendor": "B. Braun Melsungen AG", "versions": [{"lessThanOrEqual": "U61", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "L81", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Battery pack with Wi-Fi", "vendor": "B. Braun Melsungen AG", "versions": [{"lessThanOrEqual": "U61", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThanOrEqual": "L81", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Data module compactplus", "vendor": "B. Braun Melsungen AG", "versions": [{"status": "affected", "version": "A10"}, {"status": "affected", "version": "A11"}]}], "credits": [{"lang": "en", "value": "Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices)."}], "descriptions": [{"lang": "en", "value": "An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "CWE-347: Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-04-14T20:05:59.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}], "solutions": [{"lang": "en", "value": "B. Braun recommends applying updates:\n\n SpaceCom: Version U62 or later (United States), L82 or later (outside the United States)\n Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States)\n Data module compactplus: Version A12 or later\n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html\n"}], "source": {"discovery": "EXTERNAL"}, "title": "B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus", "workarounds": [{"lang": "en", "value": "As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms:\n\n Ensure the devices are not accessible directly from the Internet.\n Use a firewall and isolate the medical devices from the business network. \n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-25166", "STATE": "PUBLIC", "TITLE": "B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SpaceCom", "version": {"version_data": [{"version_affected": "<=", "version_value": "U61"}, {"version_affected": "<=", "version_value": "L81"}]}}, {"product_name": "Battery pack with Wi-Fi", "version": {"version_data": [{"version_affected": "<=", "version_value": "U61"}, {"version_affected": "<=", "version_value": "L81"}]}}, {"product_name": "Data module compactplus", "version": {"version_data": [{"version_affected": "=", "version_value": "A10"}, {"version_affected": "=", "version_value": "A11"}]}}]}, "vendor_name": "B. Braun Melsungen AG"}]}}, "credit": [{"lang": "eng", "value": "Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices)."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-347: Improper Verification of Cryptographic Signature"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02", "refsource": "CONFIRM", "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02"}, {"name": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html", "refsource": "CONFIRM", "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}]}, "solution": [{"lang": "en", "value": "B. Braun recommends applying updates:\n\n SpaceCom: Version U62 or later (United States), L82 or later (outside the United States)\n Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States)\n Data module compactplus: Version A12 or later\n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html\n"}], "source": {"discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms:\n\n Ensure the devices are not accessible directly from the Internet.\n Use a firewall and isolate the medical devices from the business network. \n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:26:10.204Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-16T15:54:19.378844Z", "id": "CVE-2020-25166", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T16:29:44.744Z"}}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-25166", "datePublished": "2022-04-14T20:05:59.000Z", "dateReserved": "2020-09-04T00:00:00.000Z", "dateUpdated": "2025-04-16T16:29:44.744Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:26:10.204Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-25166", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-16T15:54:19.378844Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T15:54:21.698Z"}}], "cna": {"title": "B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "value": "Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices)."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "B. Braun Melsungen AG", "product": "SpaceCom", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "U61"}, {"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "L81"}]}, {"vendor": "B. Braun Melsungen AG", "product": "Battery pack with Wi-Fi", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "U61"}, {"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "L81"}]}, {"vendor": "B. Braun Melsungen AG", "product": "Data module compactplus", "versions": [{"status": "affected", "version": "A10"}, {"status": "affected", "version": "A11"}]}], "solutions": [{"lang": "en", "value": "B. Braun recommends applying updates:\n\n SpaceCom: Version U62 or later (United States), L82 or later (outside the United States)\n Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States)\n Data module compactplus: Version A12 or later\n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html\n"}], "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html", "tags": ["x_refsource_CONFIRM"]}], "workarounds": [{"lang": "en", "value": "As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms:\n\n Ensure the devices are not accessible directly from the Internet.\n Use a firewall and isolate the medical devices from the business network. \n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "descriptions": [{"lang": "en", "value": "An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-347", "description": "CWE-347: Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2022-04-14T20:05:59.000Z"}, "x_legacyV4Record": {"credit": [{"lang": "eng", "value": "Julian Suleder, Nils Emmerich, and Birk Kauer of ERNW Research GmbH; Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH, reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices)."}], "impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, "source": {"discovery": "EXTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "U61", "version_affected": "<="}, {"version_value": "L81", "version_affected": "<="}]}, "product_name": "SpaceCom"}, {"version": {"version_data": [{"version_value": "U61", "version_affected": "<="}, {"version_value": "L81", "version_affected": "<="}]}, "product_name": "Battery pack with Wi-Fi"}, {"version": {"version_data": [{"version_value": "A10", "version_affected": "="}, {"version_value": "A11", "version_affected": "="}]}, "product_name": "Data module compactplus"}]}, "vendor_name": "B. Braun Melsungen AG"}]}}, "solution": [{"lang": "en", "value": "B. Braun recommends applying updates:\n\n SpaceCom: Version U62 or later (United States), L82 or later (outside the United States)\n Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States)\n Data module compactplus: Version A12 or later\n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html\n"}], "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02", "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02", "refsource": "CONFIRM"}, {"url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html", "name": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html", "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-347: Improper Verification of Cryptographic Signature"}]}]}, "work_around": [{"lang": "en", "value": "As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms:\n\n Ensure the devices are not accessible directly from the Internet.\n Use a firewall and isolate the medical devices from the business network. \n\nPlease contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}], "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-25166", "STATE": "PUBLIC", "TITLE": "B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus", "ASSIGNER": "ics-cert@hq.dhs.gov"}}}}, "cveMetadata": {"cveId": "CVE-2020-25166", "state": "PUBLISHED", "dateUpdated": "2025-04-16T16:29:44.744Z", "dateReserved": "2020-09-04T00:00:00.000Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2022-04-14T20:05:59.000Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bbraun:datamodule_compactplus:a10:*:*:*:*:*:*:*", "matchCriteriaId": "8AB0FE4F-48A0-49E0-B103-41FFFBFD3273", "vulnerable": true}, {"criteria": "cpe:2.3:o:bbraun:datamodule_compactplus:a11:*:*:*:*:*:*:*", "matchCriteriaId": "7CC88FD8-E19A-4C59-97D5-D7979C6B573F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bbraun:datamodule_compactplus:-:*:*:*:*:*:*:*", "matchCriteriaId": "1715E3E2-C648-4439-8EB3-FD036B919B90", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bbraun:spacecom:*:*:*:*:*:*:*:*", "matchCriteriaId": "5872EF69-4FA8-4D1B-8372-AB855C8EB0D2", "versionEndIncluding": "l81", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bbraun:spacecom:-:*:*:*:*:*:*:*", "matchCriteriaId": "0EE9120E-BC31-410E-A371-D0C30EBBFEE5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices."}, {"lang": "es", "value": "Una verificaci\u00f3n incorrecta de la firma criptogr\u00e1fica de las actualizaciones de firmware del B. Braun Melsungen AG SpaceCom Versiones L81/U61 y anteriores, y del m\u00f3dulo de Datos compactplus Versiones A10 y A11, permite a atacantes generar actualizaciones de firmware v\u00e1lidas con contenido arbitrario que puede usarse para manipular los dispositivos"}], "id": "CVE-2020-25166", "lastModified": "2024-11-21T05:17:31.640", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "NONE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-04-14T21:15:08.297", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Broken Link"], "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}