CVE-2020-25152

B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

Description

A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom administrative interface Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to hijack web sessions and escalate privileges.

Remediation

Solution:

  • B. Braun recommends applying updates: SpaceCom: Version U62 or later (United States), L82 or later (outside the United States) Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States) Data module compactplus: Version A12 or later Please contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html

Workaround:

  • As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms: Ensure the devices are not accessible directly from the Internet. Use a firewall and isolate the medical devices from the business network. Please contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html

Category

6.5
CVSS
Severity: Medium
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.40%
Third-Party Advisory cisa.gov
Affected: B. Braun Melsungen AG SpaceCom
Affected: B. Braun Melsungen AG Battery pack with Wi-Fi
Affected: B. Braun Melsungen AG Data module compactplus
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/uscert/ics/advisories/icsma-20-296-02 third party advisory us government resource
https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html broken link

Frequently Asked Questions

What is the severity of CVE-2020-25152?
CVE-2020-25152 has been scored as a medium severity vulnerability.
How to fix CVE-2020-25152?
To fix CVE-2020-25152: B. Braun recommends applying updates: SpaceCom: Version U62 or later (United States), L82 or later (outside the United States) Battery Pack SP with Wi-Fi: Version U62 or later (United States), L82 or later (outside the United States) Data module compactplus: Version A12 or later Please contact your local B. Braun organization to request further help. For more information please see the B. Braun Security Advisory. https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html
Is CVE-2020-25152 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2020-25152 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2020-25152?
CVE-2020-25152 affects B. Braun Melsungen AG SpaceCom, B. Braun Melsungen AG Battery pack with Wi-Fi, B. Braun Melsungen AG Data module compactplus.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.