CVE-2020-25150

B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

Description

A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands.
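The archive check that closes this class of bug, as an added example (not B. Braun's code and not taken from the advisory): each tar member is resolved against the destination directory, and the whole upload is refused if any entry would land outside it. The function names, the policy of rejecting all link entries, and the sample archives are assumptions constructed for illustration.

```python
import io
import os
import tarfile

def make_tar(entries):
    """Build an in-memory tar from (name, data) pairs (constructed sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def check_upload(tar_bytes, dest):
    """Return (member_name, reason) for every entry that must be rejected."""
    dest = os.path.realpath(dest)
    problems = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for m in tar.getmembers():
            target = os.path.realpath(os.path.join(dest, m.name))
            if os.path.isabs(m.name):
                problems.append((m.name, "absolute path"))
            elif os.path.commonpath([dest, target]) != dest:
                problems.append((m.name, "resolves outside destination"))
            elif m.issym() or m.islnk():
                problems.append((m.name, "link entry"))  # assumed policy: no links at all
            elif not (m.isfile() or m.isdir()):
                problems.append((m.name, "special file"))
    return problems

def extract_upload(tar_bytes, dest):
    """Write the archive under dest only if every member passed check_upload."""
    problems = check_upload(tar_bytes, dest)
    if problems:
        raise ValueError(f"upload rejected: {problems}")
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for m in tar.getmembers():
            path = os.path.join(dest, m.name)
            if m.isdir():
                os.makedirs(path, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as f:
                    f.write(tar.extractfile(m).read())
```

Rejecting the entire archive, rather than skipping the offending entry, keeps a partially written upload from being left on disk.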

Remediation

Solution:

  • B. Braun recommends applying updates:
      • SpaceCom: Version U62 or later (United States), L82 or later (outside the United States)
      • Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States)
      • Data module compactplus: Version A12 or later
    Please contact your local B. Braun organization to request further help. For more information, please see the B. Braun Security Advisory: https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html

Workaround:

  • As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms:
      • Ensure the devices are not accessible directly from the Internet.
      • Use a firewall and isolate the medical devices from the business network.
    Please contact your local B. Braun organization to request further help. For more information, please see the B. Braun Security Advisory: https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html

CVSS: 7.6
Severity: High
EPSS: 0.11%
Third-Party Advisory cisa.gov
Affected: B. Braun Melsungen AG SpaceCom
Affected: B. Braun Melsungen AG Battery pack with Wi-Fi
Affected: B. Braun Melsungen AG Data module compactplus

Frequently Asked Questions

What is the severity of CVE-2020-25150?
CVE-2020-25150 has been scored as a high severity vulnerability.
How to fix CVE-2020-25150?
To fix CVE-2020-25150, B. Braun recommends applying updates: SpaceCom: Version U62 or later (United States), L82 or later (outside the United States); Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States); Data module compactplus: Version A12 or later. Please contact your local B. Braun organization to request further help. For more information, please see the B. Braun Security Advisory: https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html
Is CVE-2020-25150 being actively exploited in the wild?
As of now, there is no information confirming that CVE-2020-25150 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-25150?
CVE-2020-25150 affects B. Braun Melsungen AG SpaceCom, B. Braun Melsungen AG Battery pack with Wi-Fi, B. Braun Melsungen AG Data module compactplus.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.