cvelistv5 - CVE-2017-6018

CVE-2017-6018 (GCVE-0-2017-6018)

Vulnerability from cvelistv5

Published

2017-06-30 02:35

Modified

2024-08-05 15:18

Severity ?

CWE

CWE-601

Summary

References

URL

	Vendor	Product	Version
	n/a	B. Braun Medical SpaceCom	Version: B. Braun Medical SpaceCom

ICSMA-17-082-02

Vulnerability from csaf_cisa

Published

2017-03-23 00:00

Modified

2017-05-23 00:00

Summary

ICSMA-17-082-02_B. Braun Medical SpaceCom Open Redirect Vulnerability

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "CISAservicedesk@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-17-082-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsma-17-082-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-17-082-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-17-082-02"
      }
    ],
    "title": "ICSMA-17-082-02_B. Braun Medical SpaceCom Open Redirect Vulnerability",
    "tracking": {
      "current_release_date": "2017-05-23T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA USCert CSAF Generator",
          "version": "1"
        }
      },
      "id": "ICSMA-17-082-02",
      "initial_release_date": "2017-03-23T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-03-23T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSMA-17-082-02P B. Braun Medical SpaceCom Open Redirect Vulnerability"
        },
        {
          "date": "2017-05-23T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSMA-17-082-02 B. Braun Medical SpaceCom Open Redirect Vulnerability (Update A)"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 012U000040",
                "product": {
                  "name": "SpaceStation with SpaceCom module (integrated as part number 8713142U): software versions prior to Version 012U000040",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "SpaceStation with SpaceCom module (integrated as part number 8713142U)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 012U000040",
                "product": {
                  "name": "SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U): software versions prior to Version 012U000040",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U)"
          }
        ],
        "category": "vendor",
        "name": "B. Braun"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6018",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "https://ftp.bbmus.com",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://ftp.bbmus.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2017-6018"
    }
  ]
}

icsma-17-082-02

Vulnerability from csaf_cisa

Published

2017-03-23 00:00

Modified

2017-05-23 00:00

Summary

ICSMA-17-082-02_B. Braun Medical SpaceCom Open Redirect Vulnerability

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "CISAservicedesk@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-17-082-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsma-17-082-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-17-082-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-17-082-02"
      }
    ],
    "title": "ICSMA-17-082-02_B. Braun Medical SpaceCom Open Redirect Vulnerability",
    "tracking": {
      "current_release_date": "2017-05-23T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA USCert CSAF Generator",
          "version": "1"
        }
      },
      "id": "ICSMA-17-082-02",
      "initial_release_date": "2017-03-23T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-03-23T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSMA-17-082-02P B. Braun Medical SpaceCom Open Redirect Vulnerability"
        },
        {
          "date": "2017-05-23T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSMA-17-082-02 B. Braun Medical SpaceCom Open Redirect Vulnerability (Update A)"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 012U000040",
                "product": {
                  "name": "SpaceStation with SpaceCom module (integrated as part number 8713142U): software versions prior to Version 012U000040",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "SpaceStation with SpaceCom module (integrated as part number 8713142U)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 012U000040",
                "product": {
                  "name": "SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U): software versions prior to Version 012U000040",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U)"
          }
        ],
        "category": "vendor",
        "name": "B. Braun"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6018",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "https://ftp.bbmus.com",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://ftp.bbmus.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2017-6018"
    }
  ]
}

ghsa-cmhp-37v4-3fmv

Vulnerability from github

Published

2022-05-13 01:36

Modified

2022-05-13 01:36

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6018"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-601"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-30T03:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input.",
  "id": "GHSA-cmhp-37v4-3fmv",
  "modified": "2022-05-13T01:36:36Z",
  "published": "2022-05-13T01:36:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6018"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input. B. Braun Medical SpaceCom The module contains an open redirect vulnerability.Information may be obtained and information may be altered. Braun SpaceCom Module is a product used to facilitate the exchange of medical system information, used to connect hospital network systems and external clinical systems, input data, medical history and service information to connected workstations. An attacker could exploit the vulnerability to post a specially crafted URI and instruct the user to click to redirect the user to an attacker-controlled website, causing a phishing attack. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. Versions prior to SpaceCom module 012U000040 are vulnerable. B.Braun Medical SpaceCom module is a product communication module of B.Braun Medical Company in the United States. An attacker can redirect users to arbitrary URLs

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201706-0454",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "station",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "bbraun",
        "version": null
      },
      {
        "model": "braun spacecom module",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "b",
        "version": "0"
      },
      {
        "model": "spacestation software",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "b brown a scrap",
        "version": "012u000040"
      },
      {
        "model": "braun spacecom module 012u000040",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "b",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "station",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10575"
      },
      {
        "db": "BID",
        "id": "98624"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006073"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-594"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6018"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:bbraun:station_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006073"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Marc Ruef and Rocco Gagliardi of scip AG.",
    "sources": [
      {
        "db": "BID",
        "id": "98624"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-6018",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2017-6018",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-10575",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-114221",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2017-6018",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-6018",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-6018",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-10575",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201702-594",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-114221",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10575"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114221"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006073"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-594"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6018"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input. B. Braun Medical SpaceCom The module contains an open redirect vulnerability.Information may be obtained and information may be altered. Braun SpaceCom Module is a product used to facilitate the exchange of medical system information, used to connect hospital network systems and external clinical systems, input data, medical history and service information to connected workstations. An attacker could exploit the vulnerability to post a specially crafted URI and instruct the user to click to redirect the user to an attacker-controlled website, causing a phishing attack. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. \nVersions prior to SpaceCom module 012U000040 are vulnerable. B.Braun Medical SpaceCom module is a product communication module of B.Braun Medical Company in the United States. An attacker can redirect users to arbitrary URLs",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-6018"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006073"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10575"
      },
      {
        "db": "BID",
        "id": "98624"
      },
      {
        "db": "IVD",
        "id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114221"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-6018",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSMA-17-082-02",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "98624",
        "trust": 1.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-594",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10575",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006073",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "BA0BEADE-70F9-49D8-81ED-8E81D4C51FC7",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-114221",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10575"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114221"
      },
      {
        "db": "BID",
        "id": "98624"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006073"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-594"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6018"
      }
    ]
  },
  "id": "VAR-201706-0454",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10575"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114221"
      }
    ],
    "trust": 1.65
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10575"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:30:46.714000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "B. Braun SpaceCom",
        "trust": 0.8,
        "url": "https://www.bbraun.com/en/products/b/b-braun-spacecom.html"
      },
      {
        "title": "B. Braun SpaceCom Module Open Redirection Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/95388"
      },
      {
        "title": "B.Braun Medical SpaceCom Fixes for module input validation error vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100375"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10575"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006073"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-594"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-601",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-114221"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006073"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6018"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsma-17-082-02"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6018"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6018"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/98624"
      },
      {
        "trust": 0.3,
        "url": "http://www.bbraun.co.in/cps/rde/xchg/cw-bbraun-hi-in/hs.xsl/products.html?prid=prid00001838"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-10575"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114221"
      },
      {
        "db": "BID",
        "id": "98624"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006073"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-594"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6018"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10575"
      },
      {
        "db": "VULHUB",
        "id": "VHN-114221"
      },
      {
        "db": "BID",
        "id": "98624"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-006073"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-594"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-6018"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-22T00:00:00",
        "db": "IVD",
        "id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
      },
      {
        "date": "2017-06-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-10575"
      },
      {
        "date": "2017-06-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114221"
      },
      {
        "date": "2017-05-23T00:00:00",
        "db": "BID",
        "id": "98624"
      },
      {
        "date": "2017-08-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-006073"
      },
      {
        "date": "2017-02-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-594"
      },
      {
        "date": "2017-06-30T03:29:00.267000",
        "db": "NVD",
        "id": "CVE-2017-6018"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-06-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-10575"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-114221"
      },
      {
        "date": "2017-05-23T00:00:00",
        "db": "BID",
        "id": "98624"
      },
      {
        "date": "2017-08-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-006073"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201702-594"
      },
      {
        "date": "2024-11-21T03:28:54.807000",
        "db": "NVD",
        "id": "CVE-2017-6018"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-594"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "B. Braun SpaceCom Module Open redirection vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-10575"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Input validation error",
    "sources": [
      {
        "db": "IVD",
        "id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
      },
      {
        "db": "BID",
        "id": "98624"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201702-594"
      }
    ],
    "trust": 1.1
  }
}

cnvd-2017-10575

Vulnerability from cnvd

Title

B. Braun SpaceCom Module开放重定向漏洞

Description

B. Braun SpaceCom Module 是一款用于促进医疗系统信息交流的产品，用于连接医院网络系统和外部临床系统，向已连接的工作站输入数据、医疗历史和服务信息等。 B. Braun SpaceCom module存在开放重定向漏洞，该漏洞源于未能充分验证用户输入。攻击者可以利用该漏洞发布一个特制的URI并诱导用户点击，将用户重定向到攻击者控制的网站，造成钓鱼攻击。

Severity

中

Patch Name

B. Braun SpaceCom Module开放重定向漏洞的补丁

Patch Description

B. Braun SpaceCom Module 是一款用于促进医疗系统信息交流的产品，用于连接医院网络系统和外部临床系统，向已连接的工作站输注数据、医疗历史和服务信息等。 B. Braun SpaceCom module存在开放重定向漏洞，该漏洞源于没有充分验证用户输入。攻击者可以利用该漏洞发布一个特制的URI并诱导用户点击，将用户重定向到攻击者控制的网站，造成钓鱼攻击。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://www.bbraun.co.in/cps/rde/xchg/cw-bbraun-hi-in/hs.xsl/products.html?prid=PRID00001838

Reference

http://www.securityfocus.com/bid/98624

Impacted products

Name
B. Braun SpaceCom module 0

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "98624"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6018",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6018"
    }
  },
  "description": "B. Braun SpaceCom Module \u662f\u4e00\u6b3e\u7528\u4e8e\u4fc3\u8fdb\u533b\u7597\u7cfb\u7edf\u4fe1\u606f\u4ea4\u6d41\u7684\u4ea7\u54c1\uff0c\u7528\u4e8e\u8fde\u63a5\u533b\u9662\u7f51\u7edc\u7cfb\u7edf\u548c\u5916\u90e8\u4e34\u5e8a\u7cfb\u7edf\uff0c\u5411\u5df2\u8fde\u63a5\u7684\u5de5\u4f5c\u7ad9\u8f93\u5165\u6570\u636e\u3001\u533b\u7597\u5386\u53f2\u548c\u670d\u52a1\u4fe1\u606f\u7b49\u3002\r\n\r\nB. Braun SpaceCom module\u5b58\u5728\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u53d1\u5e03\u4e00\u4e2a\u7279\u5236\u7684URI\u5e76\u8bf1\u5bfc\u7528\u6237\u70b9\u51fb\uff0c\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u5230\u653b\u51fb\u8005\u63a7\u5236\u7684\u7f51\u7ad9\uff0c\u9020\u6210\u9493\u9c7c\u653b\u51fb\u3002",
  "discovererName": "Marc Ruef and Rocco Gagliardi of scip AG.",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.bbraun.co.in/cps/rde/xchg/cw-bbraun-hi-in/hs.xsl/products.html?prid=PRID00001838",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-10575",
  "openTime": "2017-06-22",
  "patchDescription": "B. Braun SpaceCom Module \u662f\u4e00\u6b3e\u7528\u4e8e\u4fc3\u8fdb\u533b\u7597\u7cfb\u7edf\u4fe1\u606f\u4ea4\u6d41\u7684\u4ea7\u54c1\uff0c\u7528\u4e8e\u8fde\u63a5\u533b\u9662\u7f51\u7edc\u7cfb\u7edf\u548c\u5916\u90e8\u4e34\u5e8a\u7cfb\u7edf\uff0c\u5411\u5df2\u8fde\u63a5\u7684\u5de5\u4f5c\u7ad9\u8f93\u6ce8\u6570\u636e\u3001\u533b\u7597\u5386\u53f2\u548c\u670d\u52a1\u4fe1\u606f\u7b49\u3002\r\n\r\nB. Braun SpaceCom module\u5b58\u5728\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6ca1\u6709\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u53d1\u5e03\u4e00\u4e2a\u7279\u5236\u7684URI\u5e76\u8bf1\u5bfc\u7528\u6237\u70b9\u51fb\uff0c\u5c06\u7528\u6237\u91cd\u5b9a\u5411\u5230\u653b\u51fb\u8005\u63a7\u5236\u7684\u7f51\u7ad9\uff0c\u9020\u6210\u9493\u9c7c\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "B. Braun SpaceCom Module\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "B. Braun SpaceCom module 0"
  },
  "referenceLink": "http://www.securityfocus.com/bid/98624",
  "serverity": "\u4e2d",
  "submitTime": "2017-05-24",
  "title": "B. Braun SpaceCom Module\u5f00\u653e\u91cd\u5b9a\u5411\u6f0f\u6d1e"
}

gsd-2017-6018

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2017-6018

Aliases

CVE-2017-6018

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6018",
    "description": "An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input.",
    "id": "GSD-2017-6018"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6018"
      ],
      "details": "An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input.",
      "id": "GSD-2017-6018",
      "modified": "2023-12-13T01:21:09.421906Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2017-6018",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "B. Braun Medical SpaceCom",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "B. Braun Medical SpaceCom"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-601"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:bbraun:station_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:bbraun:spacestation:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-6018"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-601"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2019-10-09T23:28Z",
      "publishedDate": "2017-06-30T03:29Z"
    }
  }
}

fkie_cve-2017-6018

Vulnerability from fkie_nvd

Published

2017-06-30 03:29

Modified

2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

References

	URL	Tags
	ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02	Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02	Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	bbraun	station_firmware	-
	bbraun	spacestation	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:bbraun:station_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E894122-0F6B-4A60-BA71-BC9B03A3CAA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:bbraun:spacestation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B457DA3F-190E-450C-97B3-8523BC563391",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema de redireccionamiento abierto en el m\u00f3dulo SpaceCom de B. Braun Medical, que est\u00e1 integrado en la estaci\u00f3n de acoplamiento SpaceStation: m\u00f3dulo SpaceStation with SpaceCom (integrado como n\u00famero de parte 8713142U), versiones de software anteriores a 012U000040 y SpaceStation (n\u00famero de parte 8713140U) con m\u00f3dulo SpaceCom instalado (n\u00famero de parte 8713160U), versiones de software anteriores a 012U000040. El servidor web del producto afectado acepta entradas no seguras, lo que podr\u00eda permitir a atacantes redireccionar la petici\u00f3n a una direcci\u00f3n URL no deseada contenida en una entrada  no segura."
    }
  ],
  "id": "CVE-2017-6018",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-30T03:29:00.267",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-601"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-6018 (GCVE-0-2017-6018)

Vulnerability from cvelistv5

ICSMA-17-082-02

Vulnerability from csaf_cisa

icsma-17-082-02

Vulnerability from csaf_cisa

ghsa-cmhp-37v4-3fmv

Vulnerability from github

var-201706-0454

Vulnerability from variot

cnvd-2017-10575

Vulnerability from cnvd

gsd-2017-6018

Vulnerability from gsd

fkie_cve-2017-6018

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature