Vulnerability-Lookup

CVE-2021-37165 (GCVE-0-2021-37165)

Vulnerability from cvelistv5 – Published: 2021-08-02 10:48 – Updated: 2024-08-04 01:16

Summary

Severity

No CVSS data available.

CWE

Assigner

mitre

References

4 references

URL	Tags
https://www.swisslog-healthcare.com	x_refsource_MISC
https://www.armis.com/PwnedPiper	x_refsource_MISC
https://www.swisslog-healthcare.com/-/media/swiss…	x_refsource_MISC
https://www.swisslog-healthcare.com/en-us/custome…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:16:03.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.swisslog-healthcare.com"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.armis.com/PwnedPiper"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca\u0026hash=F465ACE2C7FAED826B52FE996E36ACEC"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-02T12:40:04.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.swisslog-healthcare.com"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.armis.com/PwnedPiper"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca\u0026hash=F465ACE2C7FAED826B52FE996E36ACEC"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-37165",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.swisslog-healthcare.com",
              "refsource": "MISC",
              "url": "https://www.swisslog-healthcare.com"
            },
            {
              "name": "https://www.armis.com/PwnedPiper",
              "refsource": "MISC",
              "url": "https://www.armis.com/PwnedPiper"
            },
            {
              "name": "https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca\u0026hash=F465ACE2C7FAED826B52FE996E36ACEC",
              "refsource": "MISC",
              "url": "https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca\u0026hash=F465ACE2C7FAED826B52FE996E36ACEC"
            },
            {
              "name": "https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20,%20%20CVE-2021-37164%20%204%20more%20rows%20",
              "refsource": "MISC",
              "url": "https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20,%20%20CVE-2021-37164%20%204%20more%20rows%20"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-37165",
    "datePublished": "2021-08-02T10:48:40.000Z",
    "dateReserved": "2021-07-21T00:00:00.000Z",
    "dateUpdated": "2024-08-04T01:16:03.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-37165",
      "date": "2026-05-30",
      "epss": "0.04996",
      "percentile": "0.8986"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:swisslog-healthcare:hmi-3_control_panel_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.2.5.7\", \"matchCriteriaId\": \"B9286DC1-0111-49C4-9BD4-1601AAD025A9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:swisslog-healthcare:hmi-3_control_panel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"92F48887-6E68-4A96-87F6-C8DB7773C4A2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution.\"}, {\"lang\": \"es\", \"value\": \"Se ha detectado un problema de desbordamiento del b\\u00fafer en el panel de control HMI3 del panel Nexus de Swisslog Healthcare que funciona con versiones de software anteriores a 7.2.5.7 del software Nexus. Cuando es enviado un mensaje al socket TCP de HMI, \\u00e9ste es reenviado a la funci\\u00f3n hmiProcessMsg mediante el pendingQ, y puede conllevar a una ejecuci\\u00f3n de c\\u00f3digo remota\"}]",
      "id": "CVE-2021-37165",
      "lastModified": "2024-11-21T06:14:46.183",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-08-02T11:15:11.483",
      "references": "[{\"url\": \"https://www.armis.com/PwnedPiper\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.swisslog-healthcare.com\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\"]}, {\"url\": \"https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca\u0026hash=F465ACE2C7FAED826B52FE996E36ACEC\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.armis.com/PwnedPiper\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.swisslog-healthcare.com\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca\u0026hash=F465ACE2C7FAED826B52FE996E36ACEC\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-120\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-37165\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-08-02T11:15:11.483\",\"lastModified\":\"2024-11-21T06:14:46.183\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un problema de desbordamiento del b\u00fafer en el panel de control HMI3 del panel Nexus de Swisslog Healthcare que funciona con versiones de software anteriores a 7.2.5.7 del software Nexus. Cuando es enviado un mensaje al socket TCP de HMI, \u00e9ste es reenviado a la funci\u00f3n hmiProcessMsg mediante el pendingQ, y puede conllevar a una ejecuci\u00f3n de c\u00f3digo remota\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-120\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:swisslog-healthcare:hmi-3_control_panel_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.2.5.7\",\"matchCriteriaId\":\"B9286DC1-0111-49C4-9BD4-1601AAD025A9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:swisslog-healthcare:hmi-3_control_panel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92F48887-6E68-4A96-87F6-C8DB7773C4A2\"}]}]}],\"references\":[{\"url\":\"https://www.armis.com/PwnedPiper\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.swisslog-healthcare.com\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca\u0026hash=F465ACE2C7FAED826B52FE996E36ACEC\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.armis.com/PwnedPiper\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.swisslog-healthcare.com\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca\u0026hash=F465ACE2C7FAED826B52FE996E36ACEC\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CNVD-2021-62179

Vulnerability from cnvd - Published: 2021-08-16

Title

Nexus Control Panel缓冲区溢出漏洞（CNVD-2021-62179）

Description

Swisslog Healthcare Nexus Panel是Swisslog Healthcare公司的一款医疗设备。 Nexus Control Panel 7.2.5.7之前版本存在缓冲区溢出漏洞。攻击者可通过将特制消息发送到HMI利用该漏洞实现远程代码执行。

Severity

高

Patch Name

Nexus Control Panel缓冲区溢出漏洞（CNVD-2021-62179）的补丁

Patch Description

Swisslog Healthcare Nexus Panel是Swisslog Healthcare公司的一款医疗设备。 Nexus Control Panel 7.2.5.7之前版本存在缓冲区溢出漏洞。攻击者可通过将特制消息发送到HMI利用该漏洞实现远程代码执行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://us-cert.cisa.gov/ics/advisories/icsma-21-215-01

Reference

https://us-cert.cisa.gov/ics/advisories/icsma-21-215-01

Impacted products

Name
Swisslog Healthcare Nexus Control Panel <7.2.5.7

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-37165",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-37165"
    }
  },
  "description": "Swisslog Healthcare Nexus Panel\u662fSwisslog Healthcare\u516c\u53f8\u7684\u4e00\u6b3e\u533b\u7597\u8bbe\u5907\u3002\n\nNexus Control Panel 7.2.5.7\u4e4b\u524d\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5c06\u7279\u5236\u6d88\u606f\u53d1\u9001\u5230HMI\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://us-cert.cisa.gov/ics/advisories/icsma-21-215-01",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-62179",
  "openTime": "2021-08-16",
  "patchDescription": "Swisslog Healthcare Nexus Panel\u662fSwisslog Healthcare\u516c\u53f8\u7684\u4e00\u6b3e\u533b\u7597\u8bbe\u5907\u3002\r\n\r\nNexus Control Panel 7.2.5.7\u4e4b\u524d\u7248\u672c\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5c06\u7279\u5236\u6d88\u606f\u53d1\u9001\u5230HMI\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Nexus Control Panel\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-62179\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Swisslog Healthcare Nexus Control Panel \u003c7.2.5.7"
  },
  "referenceLink": "https://us-cert.cisa.gov/ics/advisories/icsma-21-215-01",
  "serverity": "\u9ad8",
  "submitTime": "2021-08-04",
  "title": "Nexus Control Panel\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-62179\uff09"
}

FKIE_CVE-2021-37165

Vulnerability from fkie_nvd - Published: 2021-08-02 11:15 - Updated: 2024-11-21 06:14

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	https://www.armis.com/PwnedPiper	Third Party Advisory
cve@mitre.org	https://www.swisslog-healthcare.com	Product
cve@mitre.org	https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca&hash=F465ACE2C7FAED826B52FE996E36ACEC	Broken Link
cve@mitre.org	https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20
af854a3a-2127-422b-91ae-364da2661108	https://www.armis.com/PwnedPiper	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.swisslog-healthcare.com	Product
af854a3a-2127-422b-91ae-364da2661108	https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca&hash=F465ACE2C7FAED826B52FE996E36ACEC	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20

Impacted products

	Vendor	Product	Version
	swisslog-healthcare	hmi-3_control_panel_firmware	*
	swisslog-healthcare	hmi-3_control_panel	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:swisslog-healthcare:hmi-3_control_panel_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9286DC1-0111-49C4-9BD4-1601AAD025A9",
              "versionEndExcluding": "7.2.5.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:swisslog-healthcare:hmi-3_control_panel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92F48887-6E68-4A96-87F6-C8DB7773C4A2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution."
    },
    {
      "lang": "es",
      "value": "Se ha detectado un problema de desbordamiento del b\u00fafer en el panel de control HMI3 del panel Nexus de Swisslog Healthcare que funciona con versiones de software anteriores a 7.2.5.7 del software Nexus. Cuando es enviado un mensaje al socket TCP de HMI, \u00e9ste es reenviado a la funci\u00f3n hmiProcessMsg mediante el pendingQ, y puede conllevar a una ejecuci\u00f3n de c\u00f3digo remota"
    }
  ],
  "id": "CVE-2021-37165",
  "lastModified": "2024-11-21T06:14:46.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-02T11:15:11.483",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.armis.com/PwnedPiper"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://www.swisslog-healthcare.com"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca\u0026hash=F465ACE2C7FAED826B52FE996E36ACEC"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.armis.com/PwnedPiper"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://www.swisslog-healthcare.com"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca\u0026hash=F465ACE2C7FAED826B52FE996E36ACEC"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-JFH4-JCMH-HQ55

Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-37165"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-120"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-08-02T11:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution.",
  "id": "GHSA-jfh4-jcmh-hq55",
  "modified": "2022-05-24T19:09:36Z",
  "published": "2022-05-24T19:09:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37165"
    },
    {
      "type": "WEB",
      "url": "https://www.armis.com/PwnedPiper"
    },
    {
      "type": "WEB",
      "url": "https://www.swisslog-healthcare.com"
    },
    {
      "type": "WEB",
      "url": "https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca\u0026hash=F465ACE2C7FAED826B52FE996E36ACEC"
    },
    {
      "type": "WEB",
      "url": "https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20,%20%20CVE-2021-37164%20%204%20more%20rows%20"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2021-37165

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-37165

Aliases

CVE-2021-37165

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-37165",
    "description": "A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution.",
    "id": "GSD-2021-37165"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-37165"
      ],
      "details": "A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution.",
      "id": "GSD-2021-37165",
      "modified": "2023-12-13T01:23:09.672670Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-37165",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.swisslog-healthcare.com",
            "refsource": "MISC",
            "url": "https://www.swisslog-healthcare.com"
          },
          {
            "name": "https://www.armis.com/PwnedPiper",
            "refsource": "MISC",
            "url": "https://www.armis.com/PwnedPiper"
          },
          {
            "name": "https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca\u0026hash=F465ACE2C7FAED826B52FE996E36ACEC",
            "refsource": "MISC",
            "url": "https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca\u0026hash=F465ACE2C7FAED826B52FE996E36ACEC"
          },
          {
            "name": "https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20,%20%20CVE-2021-37164%20%204%20more%20rows%20",
            "refsource": "MISC",
            "url": "https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20,%20%20CVE-2021-37164%20%204%20more%20rows%20"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:swisslog-healthcare:hmi-3_control_panel_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.2.5.7",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:swisslog-healthcare:hmi-3_control_panel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-37165"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-120"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.armis.com/PwnedPiper",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.armis.com/PwnedPiper"
            },
            {
              "name": "https://www.swisslog-healthcare.com",
              "refsource": "MISC",
              "tags": [
                "Product"
              ],
              "url": "https://www.swisslog-healthcare.com"
            },
            {
              "name": "https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20,%20%20CVE-2021-37164%20%204%20more%20rows%20",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20,%20%20CVE-2021-37164%20%204%20more%20rows%20"
            },
            {
              "name": "https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca\u0026hash=F465ACE2C7FAED826B52FE996E36ACEC",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca\u0026hash=F465ACE2C7FAED826B52FE996E36ACEC"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-08-10T16:46Z",
      "publishedDate": "2021-08-02T11:15Z"
    }
  }
}

ICSMA-21-215-01

Vulnerability from csaf_cisa - Published: 2021-08-03 00:00 - Updated: 2021-08-03 00:00

Summary

Swisslog Healthcare Translogic PTS

Notes

CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to gain control of the device, escalate privileges, or execute arbitrary code.

Critical infrastructure sectors: Healthcare

Countries/areas deployed: Worldwide

Company headquarters location: United States

Recommended Practices: CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices: CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Recommended Practices: CISA also recommends users take the following measures to protect themselves from social engineering attacks:

Exploitability: No known public exploits specifically target these vulnerabilities.

CVE-2021-37163

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-259 - Use of Hard-coded Password

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Nexus Control Panel: versions prior to 7.2.5.7 Swisslog Healthcare / Nexus Control Panel		< 7.2.5.7	Vendor Fix fix Vendor Fix

CVE-2021-37167

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-250 - Execution with Unnecessary Privileges

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Nexus Control Panel: versions prior to 7.2.5.7 Swisslog Healthcare / Nexus Control Panel		< 7.2.5.7	Vendor Fix fix Vendor Fix

CVE-2021-37161

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-191 - Integer Underflow (Wrap or Wraparound)

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Nexus Control Panel: versions prior to 7.2.5.7 Swisslog Healthcare / Nexus Control Panel		< 7.2.5.7	Vendor Fix fix Vendor Fix

CVE-2021-37162

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-191 - Integer Underflow (Wrap or Wraparound)

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Nexus Control Panel: versions prior to 7.2.5.7 Swisslog Healthcare / Nexus Control Panel		< 7.2.5.7	Vendor Fix fix Vendor Fix

CVE-2021-37165

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-191 - Integer Underflow (Wrap or Wraparound)

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Nexus Control Panel: versions prior to 7.2.5.7 Swisslog Healthcare / Nexus Control Panel		< 7.2.5.7	Vendor Fix fix Vendor Fix

CVE-2021-37164

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Nexus Control Panel: versions prior to 7.2.5.7 Swisslog Healthcare / Nexus Control Panel		< 7.2.5.7	Vendor Fix fix Vendor Fix

CVE-2021-37166

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-287 - Improper Authentication

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Nexus Control Panel: versions prior to 7.2.5.7 Swisslog Healthcare / Nexus Control Panel		< 7.2.5.7	Vendor Fix fix Vendor Fix

CVE-2021-37160

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-494 - Download of Code Without Integrity Check

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
Nexus Control Panel: versions prior to 7.2.5.7 Swisslog Healthcare / Nexus Control Panel		< 7.2.5.7	Vendor Fix fix Vendor Fix

References

16 references

URL	Category
https://raw.githubusercontent.com/cisagov/CSAF/de…	self
https://www.cisa.gov/news-events/ics-medical-advi…	self
https://us-cert.cisa.gov/ncas/tips/ST04-014	external
https://us-cert.cisa.gov/sites/default/files/reco…	external
https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
https://www.first.org/cvss/calculator/3.0#CVSS:3.…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
https://www.first.org/cvss/calculator/3.0#CVSS:3.…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
http://web.nvd.nist.gov/view/vuln/detail?vulnId=C…	external
https://www.first.org/cvss/calculator/3.0#CVSS:3.…	external

Acknowledgments

Armis Barak Hadad Ben Seri

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Barak Hadad",
          "Ben Seri"
        ],
        "organization": "Armis",
        "summary": "reporting these vulnerabilities to Swisslog"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow an attacker to gain control of the device, escalate privileges, or execute arbitrary code.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Healthcare",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-21-215-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsma-21-215-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-21-215-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-21-215-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/ncas/tips/ST04-014"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Swisslog Healthcare Translogic PTS",
    "tracking": {
      "current_release_date": "2021-08-03T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSMA-21-215-01",
      "initial_release_date": "2021-08-03T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2021-08-03T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSMA-21-215-01 Swisslog Translogic PTS"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 7.2.5.7",
                "product": {
                  "name": "Nexus Control Panel: versions prior to 7.2.5.7",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Nexus Control Panel"
          }
        ],
        "category": "vendor",
        "name": "Swisslog Healthcare"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-37163",
      "cwe": {
        "id": "CWE-259",
        "name": "Use of Hard-coded Password"
      },
      "notes": [
        {
          "category": "summary",
          "text": "User and root accounts have hardcoded passwords that can be accessed remotely on the Nexus Control Panel. These accounts are enabled by default and cannot be turned off by native configuration of the system.CVE-2021-37163 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37163"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Swisslog Healthcare recommends upgrading to the latest software version as soon as it becomes available. Version 7.2.5.7 is reported to fix all vulnerabilities above except CVE-2021-37160. Use the latest version together with mitigation methods below to protect against exploitation of all the listed vulnerabilities.\nSwisslog also recommends the following mitigation methods until updated software is deployed:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37160"
        },
        {
          "category": "vendor_fix",
          "details": "Armis recommends the following practices to identify and block attempts to exploit these issues.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-37167",
      "cwe": {
        "id": "CWE-250",
        "name": "Execution with Unnecessary Privileges"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A user logged in using the default credentials can gain root access to the device, which allows permissions for all the functionalities of the device.CVE-2021-37167 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37167"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Swisslog Healthcare recommends upgrading to the latest software version as soon as it becomes available. Version 7.2.5.7 is reported to fix all vulnerabilities above except CVE-2021-37160. Use the latest version together with mitigation methods below to protect against exploitation of all the listed vulnerabilities.\nSwisslog also recommends the following mitigation methods until updated software is deployed:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37160"
        },
        {
          "category": "vendor_fix",
          "details": "Armis recommends the following practices to identify and block attempts to exploit these issues.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-37161",
      "cwe": {
        "id": "CWE-191",
        "name": "Integer Underflow (Wrap or Wraparound)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A buffer overflow allows an attacker to overwrite an internal queue data structure, which could allow remote code execution.CVE-2021-37161 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37161"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Swisslog Healthcare recommends upgrading to the latest software version as soon as it becomes available. Version 7.2.5.7 is reported to fix all vulnerabilities above except CVE-2021-37160. Use the latest version together with mitigation methods below to protect against exploitation of all the listed vulnerabilities.\nSwisslog also recommends the following mitigation methods until updated software is deployed:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37160"
        },
        {
          "category": "vendor_fix",
          "details": "Armis recommends the following practices to identify and block attempts to exploit these issues.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-37162",
      "cwe": {
        "id": "CWE-191",
        "name": "Integer Underflow (Wrap or Wraparound)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A buffer overflow allows an attacker to overwrite an internal queue data structure, which could allow remote code execution.CVE-2021-37162 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37162"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Swisslog Healthcare recommends upgrading to the latest software version as soon as it becomes available. Version 7.2.5.7 is reported to fix all vulnerabilities above except CVE-2021-37160. Use the latest version together with mitigation methods below to protect against exploitation of all the listed vulnerabilities.\nSwisslog also recommends the following mitigation methods until updated software is deployed:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37160"
        },
        {
          "category": "vendor_fix",
          "details": "Armis recommends the following practices to identify and block attempts to exploit these issues.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-37165",
      "cwe": {
        "id": "CWE-191",
        "name": "Integer Underflow (Wrap or Wraparound)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A specially crafted message to the HMI may cause an overflow, which could allow remote code execution.CVE-2021-37165 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37165"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Swisslog Healthcare recommends upgrading to the latest software version as soon as it becomes available. Version 7.2.5.7 is reported to fix all vulnerabilities above except CVE-2021-37160. Use the latest version together with mitigation methods below to protect against exploitation of all the listed vulnerabilities.\nSwisslog also recommends the following mitigation methods until updated software is deployed:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37160"
        },
        {
          "category": "vendor_fix",
          "details": "Armis recommends the following practices to identify and block attempts to exploit these issues.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-37164",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Received data can be copied to a stack buffer, resulting in an overflow.CVE-2021-37164 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37164"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Swisslog Healthcare recommends upgrading to the latest software version as soon as it becomes available. Version 7.2.5.7 is reported to fix all vulnerabilities above except CVE-2021-37160. Use the latest version together with mitigation methods below to protect against exploitation of all the listed vulnerabilities.\nSwisslog also recommends the following mitigation methods until updated software is deployed:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37160"
        },
        {
          "category": "vendor_fix",
          "details": "Armis recommends the following practices to identify and block attempts to exploit these issues.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-37166",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The method used to bind a local service to ports on device interfaces may allow the connection to be hijacked by an external attacker.CVE-2021-37166 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37166"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Swisslog Healthcare recommends upgrading to the latest software version as soon as it becomes available. Version 7.2.5.7 is reported to fix all vulnerabilities above except CVE-2021-37160. Use the latest version together with mitigation methods below to protect against exploitation of all the listed vulnerabilities.\nSwisslog also recommends the following mitigation methods until updated software is deployed:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37160"
        },
        {
          "category": "vendor_fix",
          "details": "Armis recommends the following practices to identify and block attempts to exploit these issues.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2021-37160",
      "cwe": {
        "id": "CWE-494",
        "name": "Download of Code Without Integrity Check"
      },
      "notes": [
        {
          "category": "summary",
          "text": "There is no file validation during an upload for an update.CVE-2021-37160 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37160"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Swisslog Healthcare recommends upgrading to the latest software version as soon as it becomes available. Version 7.2.5.7 is reported to fix all vulnerabilities above except CVE-2021-37160. Use the latest version together with mitigation methods below to protect against exploitation of all the listed vulnerabilities.\nSwisslog also recommends the following mitigation methods until updated software is deployed:",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-37160"
        },
        {
          "category": "vendor_fix",
          "details": "Armis recommends the following practices to identify and block attempts to exploit these issues.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

VAR-202108-1895

Vulnerability from variot - Updated: 2023-12-18 11:30

A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202108-1895",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hmi-3 control panel",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "swisslog healthcare",
        "version": "7.2.5.7"
      },
      {
        "model": "healthcare nexus control panel",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "swisslog",
        "version": "7.2.5.7"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-62179"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37165"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:swisslog-healthcare:hmi-3_control_panel_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "7.2.5.7",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:swisslog-healthcare:hmi-3_control_panel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-37165"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Barak Hadad and Ben Seri from Armis reported these vulnerabilities to Swisslog.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-078"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-37165",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2021-62179",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-37165",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-37165",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-62179",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202108-078",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-37165",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-62179"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37165"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37165"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-078"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-37165"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-62179"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37165"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-37165",
        "trust": 2.3
      },
      {
        "db": "ICS CERT",
        "id": "ICSMA-21-215-01",
        "trust": 1.2
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-62179",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.2625",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021080306",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-078",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37165",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-62179"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37165"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37165"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-078"
      }
    ]
  },
  "id": "VAR-202108-1895",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-62179"
      }
    ],
    "trust": 1.6
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-62179"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:30:07.985000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Patch for Nexus Control Panel buffer overflow vulnerability (CNVD-2021-62179)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/286001"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-62179"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-120",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-37165"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.armis.com/pwnedpiper"
      },
      {
        "trust": 1.7,
        "url": "https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37165-bulletin---overflow-in-hmiprocessmsg.pdf?rev=2e2678dab62b41ba999cd6d1e03974ca\u0026hash=f465ace2c7faed826b52fe996e36acec"
      },
      {
        "trust": 1.2,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-215-01"
      },
      {
        "trust": 1.1,
        "url": "https://www.swisslog-healthcare.com"
      },
      {
        "trust": 1.0,
        "url": "https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=cve%20disclosures%20%20%20%20vulnerability%20name%20%2c%20%20cve-2021-37164%20%204%20more%20rows%20"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=cve%20disclosures%20%20%20%20vulnerability%20name%20"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021080306"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.2625"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/120.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=cve%20disclosures%20%20%20%20vulnerability%20name%20,%20%20cve-2021-37164%20%204%20more%20rows%20"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-62179"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37165"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37165"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-078"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-62179"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-37165"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-37165"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-078"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-62179"
      },
      {
        "date": "2021-08-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-37165"
      },
      {
        "date": "2021-08-02T11:15:11.483000",
        "db": "NVD",
        "id": "CVE-2021-37165"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-078"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-01-18T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-62179"
      },
      {
        "date": "2021-08-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-37165"
      },
      {
        "date": "2023-11-07T03:36:55.457000",
        "db": "NVD",
        "id": "CVE-2021-37165"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-08-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-078"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-078"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Nexus Control Panel buffer overflow vulnerability (CNVD-2021-62179)",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-62179"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-37165 (GCVE-0-2021-37165)

CNVD-2021-62179

FKIE_CVE-2021-37165

GHSA-JFH4-JCMH-HQ55

GSD-2021-37165

ICSMA-21-215-01

VAR-202108-1895

Tags

Sightings

Nomenclature