CVE-2020-16238

B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

Description

A vulnerability in the configuration import mechanism of the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with command line access to the underlying Linux system to escalate privileges to the root user.

Remediation

Solution:

  • B. Braun recommends applying updates: SpaceCom: Version U62 or later (United States), L82 or later (outside the United States) Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States) Data module compactplus: Version A12 or later Please contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html

Workaround:

  • As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms: Ensure the devices are not accessible directly from the Internet. Use a firewall and isolate the medical devices from the business network. Please contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html

Category

6.7
CVSS
Severity: Medium
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.11%
Third-Party Advisory cisa.gov
Affected: B. Braun Melsungen AG SpaceCom
Affected: B. Braun Melsungen AG Battery pack with Wi-Fi
Affected: B. Braun Melsungen AG Data module compactplus
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02 third party advisory us government resource
https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html broken link

Frequently Asked Questions

What is the severity of CVE-2020-16238?
CVE-2020-16238 has been scored as a medium severity vulnerability.
How to fix CVE-2020-16238?
To fix CVE-2020-16238: B. Braun recommends applying updates: SpaceCom: Version U62 or later (United States), L82 or later (outside the United States) Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States) Data module compactplus: Version A12 or later Please contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html
Is CVE-2020-16238 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2020-16238 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-16238?
CVE-2020-16238 affects B. Braun Melsungen AG SpaceCom, B. Braun Melsungen AG Battery pack with Wi-Fi, B. Braun Melsungen AG Data module compactplus.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.