CVE-2021-37161

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-37161
A buffer overflow issue was discovered in the HMI3 Control Panel contained within the Swisslog Healthcare Nexus Panel, operated by released versions of software before Nexus Software 7.2.5.7. A buffer overflow allows an attacker to overwrite an internal queue data structure and can lead to remote code execution.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://www.armis.com/PwnedPiper Third Party Advisory
https://www.swisslog-healthcare.com Product
https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37161-bulletin---underflow-in-udprxthread.pdf?rev=9395dad86d0b4811ae4a9e37f0568c2e&hash=3D8571C7A3DCC8B7D8DCB89C2DA4BB8D Vendor Advisory
https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:swisslog-healthcare:hmi-3_control_panel_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:swisslog-healthcare:hmi-3_control_panel:-:*:*:*:*:*:*:*
History

10 Aug 2021, 18:42

Type Values Removed Values Added
CWE CWE-120
CPE cpe:2.3:h:swisslog-healthcare:hmi-3_control_panel:-:*:*:*:*:*:*:*
cpe:2.3:o:swisslog-healthcare:hmi-3_control_panel_firmware:*:*:*:*:*:*:*:*
References (MISC) https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20,%20%20CVE-2021-37164%20%204%20more%20rows%20 - (MISC) https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20,%20%20CVE-2021-37164%20%204%20more%20rows%20 - Vendor Advisory
References (MISC) https://www.swisslog-healthcare.com - (MISC) https://www.swisslog-healthcare.com - Product
References (MISC) https://www.armis.com/PwnedPiper - (MISC) https://www.armis.com/PwnedPiper - Third Party Advisory
References (MISC) https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37161-bulletin---underflow-in-udprxthread.pdf?rev=9395dad86d0b4811ae4a9e37f0568c2e&hash=3D8571C7A3DCC8B7D8DCB89C2DA4BB8D - (MISC) https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37161-bulletin---underflow-in-udprxthread.pdf?rev=9395dad86d0b4811ae4a9e37f0568c2e&hash=3D8571C7A3DCC8B7D8DCB89C2DA4BB8D - Vendor Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : 7.5
v3 : 9.8

02 Aug 2021, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2021-08-02 13:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-37161

Mitre link : CVE-2021-37161

CVE.ORG link : CVE-2021-37161

JSON object : View

Products Affected

swisslog-healthcare

  • hmi-3_control_panel_firmware
  • hmi-3_control_panel
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')