B. Braun Medical Space Battery Pack SP with Wi-Fi Vulnerability
B. Braun Medical Space Battery Pack SP with Wi-Fi contains a vulnerability that could cause privilege escalation
Summary
B. Braun Medical Space Battery Pack SP with Wi-Fi contains a vulnerability that could cause privilege escalation
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
B. Braun Medical has identified a vulnerability in their Space Battery Pack SP with Wi-Fi. The battery pack allows to users to operate standalone pumps.
Successful exploitation of this vulnerability could allow an authenticated attacker to compromise the security of the Space communication device ‘Battery Pack SP with Wi-Fi’. This vulnerability could allow the attacker to escalate privileges, view sensitive information, upload arbitrary files, and perform remote code execution.
The B. Braun advisory states that without the knowledge of web server credentials and direct network access to the specific device, this vulnerability cannot be exploited.
Threat updates
| Date | Update |
|---|---|
| 14 Apr 2023 |
CISA adds CVE-2023-0888 to their Medical Advisory list
The US Cyber Security and Infrastructure Agency (CISA) has added CVE-2023-0888 to their Medical Advisory list. CISA has report the Battery Pack SP with Wi-Fi Vulnerability in ICSMA-23-103-01. This article has been updated to reflect those changes. |
Remediation advice
Affected organisations are encouraged to review the B. Braun Medical Inc. Statement regarding cybersecurity vulnerability with Space Battery Pack SP with Wi-Fi advisory for more information. The US Cyber Security and Infrastructure Agency (CISA) has also released a Medical Advisory ICSMA-23-103-01.
B. Braun has given additional mitigation advice, including device and network recommendations in the advisory.
Definitive source of threat updates
Last edited: 14 April 2023 2:44 pm