
B. Braun SpaceCom Vulnerabilities

Eleven vulnerabilities affect B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus product lines




Affected platforms

The following platforms are known to be affected:

B. Braun product lines for:

  • SpaceCom, software Versions U61 and earlier (United States), L81 and earlier (outside the United States)
  • Battery pack with Wi-Fi, software Versions U61 and earlier (United States), L81 and earlier (outside the United States)
  • Data module compactplus, software Versions A10 and A11 (not distributed in the United States)

Threat details

Introduction

B. Braun has released details of eleven vulnerabilities affecting its SpaceCom clinical device interface and a number of its attendant products. B. Braun states that a remote, unauthenticated attacker could exploit some or all of these vulnerabilities to take control of affected systems.


Vulnerability details

The vulnerabilities appear to be the result of several different underlying flaws in the affected devices:

  • CVE-2020-25158 - CVSSv3: 7.6 - SpaceCom and Data module compactplus are vulnerable to reflected cross-site scripting (CWE-79) attacks. A remote user could exploit this to inject code into various locations.
  • CVE-2020-25162 - CVSSv3: 7.5 - SpaceCom and Data module compactplus are vulnerable to XPath injection (CWE-643). A remote unauthenticated user could exploit this to obtain sensitive data or escalate privileges.
  • CVE-2020-25156 - CVSSv3: 7.1 - The active debug mode in SpaceCom and Data module compactplus allows users to obtain cryptographic keys (CWE-798).
  • CVE-2020-25166 - CVSSv3: 6.8 - SpaceCom and Data module compactplus improperly verify firmware cryptographic signatures (CWE-347). A user could exploit this to generate valid firmware signatures for malicious packages.
  • CVE-2020-25160 - CVSSv3: 6.8 - SpaceCom and Data module compactplus improperly control user access (CWE-284), allowing users to edit device network configurations.
  • CVE-2020-16238 - CVSSv3: 6.7 - SpaceCom and Data module compactplus improperly manage account privileges (CWE-269). A user could exploit this to access the underlying command line interface.
  • CVE-2020-25152 - CVSSv3: 6.5 - SpaceCom and Data module compactplus are vulnerable to session fixation (CWE-384). A remote user could exploit this to hijack web sessions or escalate privileges.
  • CVE-2020-25154 - CVSSv3: 5.4 - SpaceCom and Data module compactplus are vulnerable to open redirects (CWE-601). A remote user could exploit this to redirect users.
  • CVE-2020-25164 - CVSSv3: 5.1 - SpaceCom and Data module compactplus are vulnerable to administrative credential recovery (CWE-759).
  • CVE-2020-25150 - CVSSv3: 7.6 - SpaceCom and Data module compactplus are vulnerable to relative path traversal (CWE-23). By uploading a specially crafted TAR file, a user could execute arbitrary code.
  • CVE-2020-25168 - CVSSv3: 3.3 - SpaceCom and Data module compactplus use hard-coded wireless credentials (CWE-798). A user with command line access could exploit this to access device Wi-Fi modules.
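The path traversal entry (CVE-2020-25150) describes a crafted TAR upload whose member names climb out of the directory the archive is unpacked into. As an added illustration from the defender's side, not code from B. Braun or from this alert, the Python below builds a constructed in-memory archive with one benign member and one traversing member, then vets every member name and link target against the intended destination before anything is written to disk. The archive contents, member names and destination path are made up for the example; the check itself is the general CWE-23 guard, not specific to any product.

```python
import io
import os
import tarfile


def build_sample_tar(with_traversal: bool = True) -> bytes:
    """Constructed sample archive: a benign member plus, optionally, a member
    whose name uses '..' to escape the extraction directory (CWE-23 pattern).
    All names and payloads here are made up for the example."""
    members = [("firmware/app.bin", b"benign payload")]
    if with_traversal:
        members.append(("../../etc/profile.d/evil.sh", b"would land outside dest"))
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, payload in members:
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def is_within(base: str, target: str) -> bool:
    """True if target, after resolving '..' and symlinks, lies inside base."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def unsafe_members(archive: bytes, dest: str) -> list[str]:
    """Return names of members that must not be extracted into dest.

    Rejects absolute member names, names that traverse out of dest, and
    symlinks/hardlinks whose targets would point outside dest.
    """
    rejected = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tf:
        for m in tf.getmembers():
            out = os.path.join(dest, m.name)
            bad = os.path.isabs(m.name) or not is_within(dest, out)
            if (m.issym() or m.islnk()) and not bad:
                # symlink targets are relative to the member's directory,
                # hardlink targets are relative to the archive root (dest)
                anchor = os.path.dirname(out) if m.issym() else dest
                link_target = os.path.join(anchor, m.linkname)
                bad = os.path.isabs(m.linkname) or not is_within(dest, link_target)
            if bad:
                rejected.append(m.name)
    return rejected


def safe_extract(archive: bytes, dest: str) -> list[str]:
    """Vet the whole archive first, then extract; returns extracted member names.

    Refusing the entire archive (rather than skipping bad members) means a
    firmware package with any traversing entry is never partially applied.
    """
    bad = unsafe_members(archive, dest)
    if bad:
        raise ValueError(f"refusing archive: path traversal in {bad}")
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tf:
        # On interpreters that ship PEP 706 filters, also apply the built-in
        # 'data' filter as a second layer; older interpreters rely on the
        # explicit vetting above.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tf.extractall(dest, **kwargs)
        return [m.name for m in tf.getmembers()]


if __name__ == "__main__":
    dest = "/tmp/spacecom_fw_example"  # constructed destination path
    print("rejected:", unsafe_members(build_sample_tar(), dest))
    print("clean archive rejected:", unsafe_members(build_sample_tar(False), dest))
```

On Python 3.12 and later (and the backports that added `tarfile.data_filter`), `extractall(dest, filter="data")` performs equivalent checks natively; the explicit pass above shows what that filter rejects and still protects firmware-handling code running on older interpreters.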

Threat updates

Date         Update
21 Oct 2022  Updated remediation

CISA has updated the remediation in its medical advisory. This cyber alert has been updated to reflect the new guidance.


Remediation advice

Affected organisations are advised to review CISA's ICS Medical Advisory (ICSMA-20-296-02) and the B. Braun Product Security Advisories page to ensure that they are using the latest software updates.

B. Braun has released software updates to mitigate the reported vulnerabilities:

Within the United States and Canada:

  • Battery Pack SP with Wi-Fi, software 028U00093 (SN 138852 and lower).
  • Battery Pack SP with Wi-Fi, software 054U00093 (SN 138853 and higher).
  • SpaceStation with SpaceCom 2, software version 012U000093.

Outside the United States and Canada:

  • Battery Pack SP with Wi-Fi, software 027L000093 (below SN 138853).
  • Battery Pack SP with Wi-Fi, software 053L00093 (SN 138853 and higher).
  • SpaceStation with SpaceCom 2, software version 011L000093.

In addition, B. Braun recommends users of the affected products consider the following best practices:

  • All facilities utilising SpaceCom 2, and Battery Pack SP with Wi-Fi should review their IT infrastructure to ensure a network zone concept has been implemented whereby critical systems, such as infusion pumps, are housed in separate (e.g., by firewalls or VLAN) environments that are not accessible directly from the Internet or by unauthorised users.
  • Wireless networks should be implemented using industry standard encryption and should be equipped with intrusion detection systems (IDS) and/or intrusion prevention systems (IPS).


Last edited: 21 October 2022 4:45 pm