An Unrestricted Upload of File with Dangerous Type vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows remote attackers to upload any files to the /tmp directory of the device through the webpage API. This can result in critical files being overwritten.
References
Link | Resource |
---|---|
https://www.bbraunusa.com/en.htm | Broken Link |
https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/mcafee-enterprise-atr-uncovers-vulnerabilities-in-globally-used-b-braun-infusion-pump/ | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
01 Sep 2021, 16:08
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.bbraunusa.com/en.htm - Broken Link | |
References | (MISC) https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/mcafee-enterprise-atr-uncovers-vulnerabilities-in-globally-used-b-braun-infusion-pump/ - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 9.1 |
CPE | cpe:2.3:o:bbraun:spacecom2:*:*:*:*:*:*:*:* cpe:2.3:h:bbraun:infusomat_large_volume_pump_871305u:-:*:*:*:*:*:*:* cpe:2.3:h:bbraun:spacestation_8713142u:-:*:*:*:*:*:*:* |
|
CWE | CWE-434 |
25 Aug 2021, 12:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-25 12:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-33884
Mitre link : CVE-2021-33884
CVE.ORG link : CVE-2021-33884
JSON object : View
Products Affected
bbraun
- spacecom2
- spacestation_8713142u
- infusomat_large_volume_pump_871305u
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type