A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation (e.g., cryptographic signature validation) during a File Upload for a firmware update.
References
Configurations
Configuration 1 (hide)
AND |
|
History
07 Nov 2023, 03:36
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
12 Jul 2022, 17:42
Type | Values Removed | Values Added |
---|---|---|
CWE |
10 Aug 2021, 17:21
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.armis.com/PwnedPiper - Broken Link | |
References | (MISC) https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20,%20%20CVE-2021-37164%20%204%20more%20rows%20 - Vendor Advisory | |
References | (MISC) https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37160-bulletin---no-firmware-update-validation.pdf?rev=c7f94647037c4007992e2e626d445561&hash=E89531490070A809FB74994018BA1248 - Vendor Advisory | |
References | (MISC) https://www.swisslog-healthcare.com - Product | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
CPE | cpe:2.3:o:swisslog-healthcare:hmi-3_control_panel_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:swisslog-healthcare:hmi-3_control_panel:-:*:*:*:*:*:*:* |
|
CWE | CWE-434 CWE-347 |
02 Aug 2021, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-02 13:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-37160
Mitre link : CVE-2021-37160
CVE.ORG link : CVE-2021-37160
JSON object : View
Products Affected
swisslog-healthcare
- hmi-3_control_panel
- hmi-3_control_panel_firmware
CWE
CWE-347
Improper Verification of Cryptographic Signature