ID

VAR-202108-1773


CVE

CVE-2021-33886


TITLE

B. Braun SpaceCom2 input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-003358

DESCRIPTION

An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as the device. B. Braun SpaceCom2 contains an input validation vulnerability. Information may be obtained or tampered with, and the device may be put into a denial-of-service (DoS) state. B. Braun SpaceCom2 is a hardware device from B. Braun, Germany, for connecting external devices to record data in a patient data management system, PC or USB memory stick. B. Braun SpaceCom2 versions prior to 012U000062 have an input validation error vulnerability. The result is user-level command-line access.

Trust: 2.25

sources: NVD: CVE-2021-33886 // JVNDB: JVNDB-2021-003358 // CNVD: CNVD-2022-22470 // VULMON: CVE-2021-33886

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-22470

AFFECTED PRODUCTS

vendor: bbraun, model: spacecom2, scope: lt, version: 012u000062

Trust: 1.0

vendor: ビー ブラウンエースクラップ株式会社, model: spacecom2, scope: eq, version: -

Trust: 0.8

vendor: ビー ブラウンエースクラップ株式会社, model: spacecom2, scope: eq, version: 012u000062

Trust: 0.8

vendor: b, model: braun spacecom2 <012u000062, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2022-22470 // JVNDB: JVNDB-2021-003358 // NVD: CVE-2021-33886

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-33886
value: HIGH

Trust: 1.0

cve@mitre.org: CVE-2021-33886
value: HIGH

Trust: 1.0

NVD: CVE-2021-33886
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-22470
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-2342
value: HIGH

Trust: 0.6

VULMON: CVE-2021-33886
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-33886
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-22470
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-33886
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

cve@mitre.org: CVE-2021-33886
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-33886
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-22470 // VULMON: CVE-2021-33886 // JVNDB: JVNDB-2021-003358 // CNNVD: CNNVD-202108-2342 // NVD: CVE-2021-33886 // NVD: CVE-2021-33886

PROBLEMTYPE DATA

problemtype:CWE-134

Trust: 1.0

problemtype: Improper input validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-003358 // NVD: CVE-2021-33886

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202108-2342

TYPE

format string error

Trust: 0.6

sources: CNNVD: CNNVD-202108-2342

PATCH

title: Top Page, url: https://www.bbraun.com/en.html

Trust: 0.8

sources: JVNDB: JVNDB-2021-003358

EXTERNAL IDS

db: NVD, id: CVE-2021-33886

Trust: 3.1

db: ICS CERT, id: ICSMA-21-294-01

Trust: 1.5

db: JVN, id: JVNVU93193058

Trust: 0.8

db: JVNDB, id: JVNDB-2021-003358

Trust: 0.8

db: CNVD, id: CNVD-2022-22470

Trust: 0.6

db: AUSCERT, id: ESB-2021.3526

Trust: 0.6

db: AUSCERT, id: ESB-2022.5281

Trust: 0.6

db: CS-HELP, id: SB2021102506

Trust: 0.6

db: CNNVD, id: CNNVD-202108-2342

Trust: 0.6

db: VULMON, id: CVE-2021-33886

Trust: 0.1

sources: CNVD: CNVD-2022-22470 // VULMON: CVE-2021-33886 // JVNDB: JVNDB-2021-003358 // CNNVD: CNNVD-202108-2342 // NVD: CVE-2021-33886

REFERENCES

url:https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/mcafee-enterprise-atr-uncovers-vulnerabilities-in-globally-used-b-braun-infusion-pump/

Trust: 2.5

url:https://www.bbraunusa.com/en.htm

Trust: 1.7

url:https://us-cert.cisa.gov/ics/advisories/icsma-21-294-01

Trust: 1.4

url:https://jvn.jp/vu/jvnvu93193058//

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-33886

Trust: 0.8

url:https://www.bbraunusa.com/en.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.5281

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021102506

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3526

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/134.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.cisa.gov/uscert/ics/advisories/icsma-21-294-01

Trust: 0.1

sources: CNVD: CNVD-2022-22470 // VULMON: CVE-2021-33886 // JVNDB: JVNDB-2021-003358 // CNNVD: CNNVD-202108-2342 // NVD: CVE-2021-33886

CREDITS

Douglas McKee and Philippe Laulheret of McAfee reported these vulnerabilities to B. Braun.

Trust: 0.6

sources: CNNVD: CNNVD-202108-2342

SOURCES

db: CNVD, id: CNVD-2022-22470
db: VULMON, id: CVE-2021-33886
db: JVNDB, id: JVNDB-2021-003358
db: CNNVD, id: CNNVD-202108-2342
db: NVD, id: CVE-2021-33886

LAST UPDATE DATE

2024-08-14T13:53:56.103000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-22470, date: 2022-03-24T00:00:00
db: VULMON, id: CVE-2021-33886, date: 2022-07-12T00:00:00
db: JVNDB, id: JVNDB-2021-003358, date: 2021-10-25T05:28:00
db: CNNVD, id: CNNVD-202108-2342, date: 2022-10-24T00:00:00
db: NVD, id: CVE-2021-33886, date: 2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-22470, date: 2022-03-24T00:00:00
db: VULMON, id: CVE-2021-33886, date: 2021-08-25T00:00:00
db: JVNDB, id: JVNDB-2021-003358, date: 2021-10-25T00:00:00
db: CNNVD, id: CNNVD-202108-2342, date: 2021-08-25T00:00:00
db: NVD, id: CVE-2021-33886, date: 2021-08-25T12:15:17.130