Total
11 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25158 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to inject arbitrary web script or HTML into various locations. | |||||
| CVE-2020-25152 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2023-12-10 | 5.8 MEDIUM | 8.1 HIGH |
| A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges. | |||||
| CVE-2020-25166 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2023-12-10 | 7.5 HIGH | 7.1 HIGH |
| An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices. | |||||
| CVE-2020-25156 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2023-12-10 | 9.0 HIGH | 7.2 HIGH |
| Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root. | |||||
| CVE-2020-25150 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
| A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands. | |||||
| CVE-2020-25162 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges. | |||||
| CVE-2020-16238 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user. | |||||
| CVE-2020-25168 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module. | |||||
| CVE-2020-25164 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface. | |||||
| CVE-2020-25160 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2023-12-10 | 4.6 MEDIUM | 6.3 MEDIUM |
| Improper access controls in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enables attackers to extract and tamper with the devices network configuration. | |||||
| CVE-2020-25154 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites. | |||||