CVE-2017-6018 - OpenCVE

An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Bbraun	Station Firmware Spacestation

Configuration 1 [-]

AND

cpe:2.3:o:bbraun:station_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:bbraun:spacestation:-:*:*:*:*:*:*:*

References

Link	Resource
https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2017-06-30T02:35:00

Updated: 2017-06-30T02:57:01

Reserved: 2017-02-16T00:00:00

Link: CVE-2017-6018

JSON object: View

NVD Information

Status : Modified

Published: 2017-06-30T03:29:00.267

Modified: 2019-10-09T23:28:33.870

Link: CVE-2017-6018

JSON object: View

Redhat Information

No data.

CWE

CWE-601

{"containers": {"cna": {"affected": [{"product": "B. Braun Medical SpaceCom", "vendor": "n/a", "versions": [{"status": "affected", "version": "B. Braun Medical SpaceCom"}]}], "datePublic": "2017-06-29T00:00:00", "descriptions": [{"lang": "en", "value": "An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-06-30T02:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-6018", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "B. Braun Medical SpaceCom", "version": {"version_data": [{"version_value": "B. Braun Medical SpaceCom"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-601"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-6018", "datePublished": "2017-06-30T02:35:00", "dateReserved": "2017-02-16T00:00:00", "dateUpdated": "2017-06-30T02:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bbraun:station_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E894122-0F6B-4A60-BA71-BC9B03A3CAA1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bbraun:spacestation:-:*:*:*:*:*:*:*", "matchCriteriaId": "B457DA3F-190E-450C-97B3-8523BC563391", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input."}, {"lang": "es", "value": "Se detect\u00f3 un problema de redireccionamiento abierto en el m\u00f3dulo SpaceCom de B. Braun Medical, que est\u00e1 integrado en la estaci\u00f3n de acoplamiento SpaceStation: m\u00f3dulo SpaceStation with SpaceCom (integrado como n\u00famero de parte 8713142U), versiones de software anteriores a 012U000040 y SpaceStation (n\u00famero de parte 8713140U) con m\u00f3dulo SpaceCom instalado (n\u00famero de parte 8713160U), versiones de software anteriores a 012U000040. El servidor web del producto afectado acepta entradas no seguras, lo que podr\u00eda permitir a atacantes redireccionar la petici\u00f3n a una direcci\u00f3n URL no deseada contenida en una entrada no segura."}], "id": "CVE-2017-6018", "lastModified": "2019-10-09T23:28:33.870", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-30T03:29:00.267", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}