A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution.
References
Configurations
Configuration 1 (hide)
AND |
|
History
10 Aug 2021, 16:46
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-120 | |
CPE | cpe:2.3:h:swisslog-healthcare:hmi-3_control_panel:-:*:*:*:*:*:*:* cpe:2.3:o:swisslog-healthcare:hmi-3_control_panel_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
References |
|
|
References | (MISC) https://www.swisslog-healthcare.com - Product | |
References | (MISC) https://www.armis.com/PwnedPiper - Third Party Advisory |
02 Aug 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-08-02 11:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-37165
Mitre link : CVE-2021-37165
CVE.ORG link : CVE-2021-37165
JSON object : View
Products Affected
swisslog-healthcare
- hmi-3_control_panel_firmware
- hmi-3_control_panel
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')