CVE-2017-6018

{"id": "CVE-2017-6018", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-06-30T03:29:00.267", "references": [{"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-601"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input."}, {"lang": "es", "value": "Se detect\u00f3 un problema de redireccionamiento abierto en el m\u00f3dulo SpaceCom de B. Braun Medical, que est\u00e1 integrado en la estaci\u00f3n de acoplamiento SpaceStation: m\u00f3dulo SpaceStation with SpaceCom (integrado como n\u00famero de parte 8713142U), versiones de software anteriores a 012U000040 y SpaceStation (n\u00famero de parte 8713140U) con m\u00f3dulo SpaceCom instalado (n\u00famero de parte 8713160U), versiones de software anteriores a 012U000040. El servidor web del producto afectado acepta entradas no seguras, lo que podr\u00eda permitir a atacantes redireccionar la petici\u00f3n a una direcci\u00f3n URL no deseada contenida en una entrada no segura."}], "lastModified": "2019-10-09T23:28:33.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:bbraun:station_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E894122-0F6B-4A60-BA71-BC9B03A3CAA1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:bbraun:spacestation:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B457DA3F-190E-450C-97B3-8523BC563391"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}