本ページは bbraun spacecom に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2020-25168 | Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enable attackers with command line access to access the device’s Wi-Fi module. | [email protected] | 3.3 | 0.21% | 2022-04-14 | 2024-11-21 |
| CVE-2020-25166 | An improper verification of the cryptographic signature of firmware updates of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to generate valid firmware updates with arbitrary content that can be used to tamper with devices. | [email protected] | 7.6 | 0.44% | 2022-04-14 | 2024-11-21 |
| CVE-2020-25164 | A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to recover user credentials of the administrative interface. | [email protected] | 6.5 | 0.58% | 2022-04-14 | 2024-11-21 |
| CVE-2020-25162 | A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges. | [email protected] | 7.5 | 1.75% | 2022-04-14 | 2024-11-21 |
| CVE-2020-25160 | Improper access controls in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enables attackers to extract and tamper with the devices network configuration. | [email protected] | 6.8 | 0.20% | 2022-04-14 | 2024-11-21 |
| CVE-2020-25158 | A reflected cross-site scripting (XSS) vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to inject arbitrary web script or HTML into various locations. | [email protected] | 7.6 | 0.79% | 2022-04-14 | 2024-11-21 |
| CVE-2020-25156 | Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier enables attackers in possession of cryptographic material to access the device as root. | [email protected] | 7.2 | 1.11% | 2022-04-14 | 2024-11-21 |
| CVE-2020-25154 | An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG SpaceCom device Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers to redirect users to malicious websites. | [email protected] | 5.4 | 0.62% | 2022-04-14 | 2024-11-21 |
| CVE-2020-25152 | A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges. | [email protected] | 6.5 | 1.20% | 2022-04-14 | 2024-11-21 |
| CVE-2020-25150 | A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands. | [email protected] | 7.6 | 1.43% | 2022-04-14 | 2024-11-21 |
| CVE-2020-16238 | A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user. | [email protected] | 6.7 | 0.24% | 2022-04-14 | 2024-11-21 |