Multiple Vulnerabilities in B. Braun’s Infusion Pump System
Summary
Multiple vulnerabilities affecting B. Braun’s infusion pump system could allow an unauthenticated attacker to modify a pump’s configuration, potentially resulting in an unexpected dose being delivered to a patient.
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Security researchers have released details, including a proof-of-concept (PoC), of 5 vulnerabilities in B. Braun’s infusion pump system. Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to modify an infusion pump’s configuration while the pump is in standby mode. This could result in an unexpected dose of medication being delivered to a patient.
Vulnerability details
The 5 vulnerabilities are tracked as:
- CVE-2021-33882: Missing Authentication for Critical Function (CVSS v3 6.8)
- CVE-2021-33883: Cleartext Transmission of Sensitive Information (CVSS v3 5.9)
- CVE-2021-33884: Unrestricted Upload of File with Dangerous Type (CVSS v3 6.5)
- CVE-2021-33885: Insufficient Verification of Data Authenticity (CVSS v3 9.0)
- CVE-2021-33886: Improper Input Validation (CVSS v3 6.8)
These vulnerabilities can be used to exploit the Space or compactPlus communication devices to escalate privileges, view sensitive information, upload arbitrary files, and perform remote code execution (RCE). If chained together, the vulnerabilities could allow an unauthenticated attacker to modify a pump’s configuration while the pump is in standby mode.
Threat updates
| Date | Update |
|---|---|
| 21 Oct 2022 | Update to remediation: CISA has updated the remediation portion of its advisory. This cyber alert has been updated to reflect the new guidance. |
| 25 Oct 2021 | CISA issues ICS Medical Advisory (ICSMA-21-294-01): CISA has issued ICS Medical Advisory (ICSMA-21-294-01) encouraging affected organisations to review B. Braun's security advisories and apply the necessary updates to affected products. |
Remediation advice
Affected organisations are advised to review CISA's ICS Medical Advisory (ICSMA-21-294-01) and the B. Braun Product Security Advisories page to ensure that they are using the latest software updates as follows:
Outside the United States and Canada:
- Battery Pack SP with Wi-Fi, software 027L000093 (below SN 138853).
- Battery Pack SP with Wi-Fi, software 053L00093 (SN 138853 and higher).
- SpaceStation with SpaceCom 2, software version 011L000093.
Within the United States and Canada:
- Battery Pack SP with Wi-Fi, software 028U00093 (SN 138852 and lower).
- Battery Pack SP with Wi-Fi, software 054U00093 (SN 138853 and higher).
- SpaceStation with SpaceCom 2, software version 012U000093.
In addition, B. Braun recommends users of the affected products consider the following best practices:
- All facilities utilizing SpaceCom 2, and Battery Pack SP with Wi-Fi should review their IT infrastructure to ensure a network zone concept has been implemented whereby critical systems, such as infusion pumps, are housed in separate (e.g., by firewalls or VLAN) environments that are not accessible directly from the Internet or by unauthorized users.
- Wireless networks should be implemented using industry standard encryption and should be equipped with intrusion detection systems (IDS) and/or intrusion prevention systems (IPS).
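The "network zone concept" recommended above can be expressed as a concrete firewall policy. The following nftables ruleset is an added example, not from this alert, CISA or B. Braun: it places the infusion pumps in their own VLAN, allows traffic only between that VLAN and a designated pump-management host, and logs and drops everything else, including any path to or from the Internet uplink. The interface names (vlan-pumps, vlan-mgmt, wan0), the management host address and the assumption that the pumps need to reach only one management server are all placeholders to be replaced with values from the local network design and the vendor's documentation.

```nftables
# Added example (not from the advisory): an nftables ruleset enforcing a
# separate network zone for infusion pumps. Interface names, the management
# host address and the single-management-server assumption are placeholders.
table inet pump_zone {
    # Hosts permitted to communicate with the pump VLAN
    # (assumed pump-management server address).
    set mgmt_hosts {
        type ipv4_addr
        elements = { 10.20.0.10 }
    }

    chain forward {
        # Default deny for all routed traffic involving the pump VLAN.
        type filter hook forward priority 0; policy drop;

        # Allow replies for sessions that were already permitted below.
        ct state established,related accept

        # Pump VLAN <-> management host only; nothing else leaves the zone.
        iifname "vlan-pumps" oifname "vlan-mgmt" ip daddr @mgmt_hosts accept
        iifname "vlan-mgmt" oifname "vlan-pumps" ip saddr @mgmt_hosts accept

        # Any other traffic originating in the pump VLAN (e.g. towards the
        # Internet uplink) is logged for the IDS/SIEM and dropped.
        iifname "vlan-pumps" log prefix "pump-zone-egress-drop: " drop

        # Nothing from the Internet uplink may be routed into the pump VLAN.
        iifname "wan0" oifname "vlan-pumps" log prefix "pump-zone-ingress-drop: " drop
    }
}
```

Load it with `nft -f <file>` on the router or firewall between the VLANs. The logged drops give the IDS/IPS or SIEM recommended in the next point a simple signal: any "pump-zone-ingress-drop" entry indicates something outside the zone attempting to reach a pump, which should not happen in a correctly segmented network.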
Definitive source of threat updates
- https://www.bbraun.com/en/products-and-solutions/temp/b--braun-coordinated-vulnerability-disclosure/security-advisory.html
- https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/mcafee-enterprise-atr-uncovers-vulnerabilities-in-globally-used-b-braun-infusion-pump/
- https://us-cert.cisa.gov/ics/advisories/icsma-21-294-01
Last edited: 21 October 2022 4:50 pm