漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Authenticated eval injection in B. Braun Space Battery pack SP with Wi-Fi
Vulnerability Description
An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B.Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication module. This could be used as a vector to start further attacks
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Vulnerability Title
B. Braun SpaceCom 代码注入漏洞
Vulnerability Description
B. Braun SpaceCom是德国贝朗(B. Braun)公司的一款应用于医疗的微型摄像头。 B. Braun SpaceCom WiFi Battery embedded web server L90/U70 和 L92/U92版本存在安全漏洞,攻击者利用该漏洞可以通过指令的不当无效化获取对 WiFi 通信模块的管理访问权限,可以访问医疗设备 WiFi 网络和具有 WiFi 网络服务器凭据的特定 B.Braun Battery Pack SP,可以获得输液泵通信模块的管理(root)访问权限等。
CVSS Information
N/A
Vulnerability Type
N/A