CVE-2023-0888

An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B.Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication module. This could be used as a vector to start further attacks
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:bbraun:battery-pack_sp_with_wifi_firmware:*:*:*:*:global:*:*:*
cpe:2.3:o:bbraun:battery-pack_sp_with_wifi_firmware:*:*:*:*:us:*:*:*
cpe:2.3:h:bbraun:battery-pack_sp_with_wifi:-:*:*:*:*:*:*:*

History

21 Nov 2024, 07:38

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.2
v2 : unknown
v3 : 4.9
References () https://www.bbraun.com/productsecurity - Product () https://www.bbraun.com/productsecurity - Product
References () https://www.bbraunusa.com/productsecurity - Product () https://www.bbraunusa.com/productsecurity - Product

07 Nov 2023, 04:01

Type Values Removed Values Added
Summary An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B.Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication module. This could be used as a vector to start further attacks An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B.Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication module. This could be used as a vector to start further attacks

Information

Published : 2023-03-13 09:15

Updated : 2024-11-21 07:38


NVD link : CVE-2023-0888

Mitre link : CVE-2023-0888

CVE.ORG link : CVE-2023-0888


JSON object : View

Products Affected

bbraun

  • battery-pack_sp_with_wifi
  • battery-pack_sp_with_wifi_firmware
CWE
CWE-95

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

CWE-94

Improper Control of Generation of Code ('Code Injection')