csaf_cisa - ICSMA-17-082-02

ICSMA-17-082-02

Vulnerability from csaf_cisa

Published

2017-03-23 00:00

Modified

2017-05-23 00:00

Summary

ICSMA-17-082-02_B. Braun Medical SpaceCom Open Redirect Vulnerability

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "CISAservicedesk@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-17-082-02 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsma-17-082-02.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-17-082-02 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-17-082-02"
      }
    ],
    "title": "ICSMA-17-082-02_B. Braun Medical SpaceCom Open Redirect Vulnerability",
    "tracking": {
      "current_release_date": "2017-05-23T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA USCert CSAF Generator",
          "version": "1"
        }
      },
      "id": "ICSMA-17-082-02",
      "initial_release_date": "2017-03-23T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-03-23T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSMA-17-082-02P B. Braun Medical SpaceCom Open Redirect Vulnerability"
        },
        {
          "date": "2017-05-23T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSMA-17-082-02 B. Braun Medical SpaceCom Open Redirect Vulnerability (Update A)"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 012U000040",
                "product": {
                  "name": "SpaceStation with SpaceCom module (integrated as part number 8713142U): software versions prior to Version 012U000040",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "SpaceStation with SpaceCom module (integrated as part number 8713142U)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 012U000040",
                "product": {
                  "name": "SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U): software versions prior to Version 012U000040",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U)"
          }
        ],
        "category": "vendor",
        "name": "B. Braun"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6018",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "https://ftp.bbmus.com",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://ftp.bbmus.com"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ],
      "title": "CVE-2017-6018"
    }
  ]
}

CVE-2017-6018 (GCVE-0-2017-6018)

Vulnerability from cvelistv5

Published

2017-06-30 02:35

Modified

2024-08-05 15:18

Severity ?

CWE

CWE-601

Summary

An open redirect issue was discovered in B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040, and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input.

References

URL

Tags

https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	B. Braun Medical SpaceCom	Version: B. Braun Medical SpaceCom

Show details on NVD website