An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices.
References
Link | Resource |
---|---|
https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html | Broken Link |
https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2022-04-14T20:05:59
Updated: 2022-04-14T20:05:59
Reserved: 2020-09-04T00:00:00
Link: CVE-2020-25166
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-14T21:15:08.297
Modified: 2022-04-21T19:29:02.170
Link: CVE-2020-25166
JSON object: View
Redhat Information
No data.
CWE