Vulnerabilities Discovered in SpaceCom and B. Braun OnlineSuite

Vulnerabilities in SpaceCom and Battery Pack SP with Wi-Fi

There were 11 vulnerabilities found in SpaceCom Patient Data Management System (in PC or USB memory stick} and Battery Pack with WiFi. These products are employed to hook up external devices for the purpose of documenting information.

The vulnerabilities were found in SpaceCom, software program Versions U61 and prior versions as well as Battery pack with Wi-Fi, software Versions U61 and prior versions.

An attacker can exploit the vulnerabilities and compromise the safety of SpaceCom devices. With elevated privileges, an attacker can view sensitive data, upload arbitrary data files, and wirelessly execute code. These are the 11 vulnerabilities:

1. CVE-2020-25158 (CVSS score of 7.6) – Mirrored cross-site scripting (XSS) vulnerability permitting injection of arbitrary HTML or web script into different areas.
2. CVE-2020-25150 (CVSS score of 7.6) -Relative path traversal attack vulnerability permitting an attacker having service user privileges to transfer arbitrary files and implement arbitrary codes.
3. CVE-2020-25162 (CVSS score of 7.5) – Path injection vulnerability enabling unauthenticated persons to view sensitive data and elevate privileges.
4. CVE-2020-25156 (CVSS score of 7.2) – Active debug code that allows attackers with cryptographic material to use the device as root.
5. CVE-2020-25160 (CVSS score of 6.8) -Incorrect access controls that permit extraction and modifying the device’s network settings.
6. CVE-2020-25166 (CVSS score of 6.8) -Incorrect validation of the cryptographic signature of software updates, which enables an attacker to create acceptable firmware updates having arbitrary material that may be utilized to tinker with devices.
7. CVE-2020-16238 (CVSS score of 6.7) – Inappropriate privilege management that allows attackers to control line access to the root Linux system, and to escalate privileges as root user.
8. CVE-2020-25152 (CVSS score of 6.5) -Session fixation vulnerability enabling web session hijacking and elevating privileges.
9. CVE-2020-25154 (CVSS score of 5.4) – Open redirect vulnerability enabling rerouting to malicious web pages.
10. CVE-2020-25164 (CVSS score of 5.1) – uses a one-way hash that permits the retrieval of user login information at the administrative interface.
11. CVE-2020-25168 (CVSS score of 3.3) – using hard-coded credentials to permit command-line access to get into the Wi-Fi module of the device.

Braun already launched updates to fix the vulnerabilities. Users need to acquire an update of the Battery Pack SP with Wi-Fi: Version U62 or more recent version and the SpaceCom: Version U62 or more recent version.

Braun additionally advises users not to make the devices directly accessible from the web and to set up a firewall and separate medical devices from the business connections.

The following persons were responsible for identifying the vulnerabilities: Dr. Oliver Matula of ERNW Enno Rey Netzwerke GmbH; Julian Suleder, Birk Kauer and Nils Emmerich of ERNW Research GmbH.

Vulnerabilities Discovered in B. Braun OnlineSuite

There were three vulnerabilities found in B. Braun OnlineSuite, which is a clinical IT service for making and delivering drug libraries and handling infusion devices and various medical accessories. If an attacker exploits the vulnerability, it’s possible to increase privileges, upload and download arbitrary data files, and execute code wirelessly.

The most critical vulnerabilities with assigned CVSS v3 base scores of 8.4 to 8.6 out of 10 are the following two vulnerabilities:
1. Vulnerability CVE-2020-25174 is a remote code execution vulnerability that permits an attacker with local access to a vulnerable device to execute code like a high privileged user.
2. Vulnerability CVE-2020-25172 is a relative path traversal vulnerability that permits unauthenticated individuals to upload and downloads of files

The third vulnerability, CVE-2020-25170 is an Excel macro vulnerability found in the export feature and is attributable to the improper handling of multiple input fields, and has an assigned CVSS v3 base score of 6.9.

The abovementioned vulnerabilities are present in OnlineSuite AP 3.0 and prior versions. B.Braun has resolved the vulnerabilities in the OnlineSuite Field Service Information AIS06/20 update. Users are therefore urged to get the update without delay.