var-201706-0454
Vulnerability from variot
An open redirect issue was discovered in the B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station. Affected are: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040; and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input, which could allow attackers to redirect the request to an unintended URL contained within that untrusted input. The B. Braun Medical SpaceCom module contains an open redirect vulnerability. Information may be obtained and information may be altered. The B. Braun SpaceCom Module is a product used to facilitate the exchange of medical system information, used to connect hospital network systems and external clinical systems, input data, medical history and service information to connected workstations. An attacker could exploit the vulnerability by posting a specially crafted URI and inducing the user to click it, redirecting the user to an attacker-controlled website and enabling a phishing attack. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. Versions prior to SpaceCom module 012U000040 are vulnerable. B. Braun Medical SpaceCom module is a product communication module of B. Braun Medical Company in the United States. An attacker can redirect users to arbitrary URLs.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0454",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "station",
"scope": "eq",
"trust": 1.6,
"vendor": "bbraun",
"version": null
},
{
"model": "braun spacecom module",
"scope": "eq",
"trust": 0.9,
"vendor": "b",
"version": "0"
},
{
"model": "spacestation software",
"scope": "lt",
"trust": 0.8,
"vendor": "b brown a scrap",
"version": "012u000040"
},
{
"model": "braun spacecom module 012u000040",
"scope": "ne",
"trust": 0.3,
"vendor": "b",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "station",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
},
{
"db": "CNVD",
"id": "CNVD-2017-10575"
},
{
"db": "BID",
"id": "98624"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006073"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-594"
},
{
"db": "NVD",
"id": "CVE-2017-6018"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:bbraun:station_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006073"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marc Ruef and Rocco Gagliardi of scip AG.",
"sources": [
{
"db": "BID",
"id": "98624"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6018",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-6018",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-10575",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-114221",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2017-6018",
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6018",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-6018",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-10575",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-594",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-114221",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
},
{
"db": "CNVD",
"id": "CNVD-2017-10575"
},
{
"db": "VULHUB",
"id": "VHN-114221"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006073"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-594"
},
{
"db": "NVD",
"id": "CVE-2017-6018"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An open redirect issue was discovered in the B. Braun Medical SpaceCom module, which is integrated into the SpaceStation docking station. Affected are: SpaceStation with SpaceCom module (integrated as part number 8713142U), software versions prior to Version 012U000040; and SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U), software versions prior to Version 012U000040. The web server of the affected product accepts untrusted input, which could allow attackers to redirect the request to an unintended URL contained within that untrusted input. The B. Braun Medical SpaceCom module contains an open redirect vulnerability. Information may be obtained and information may be altered. The B. Braun SpaceCom Module is a product used to facilitate the exchange of medical system information, used to connect hospital network systems and external clinical systems, input data, medical history and service information to connected workstations. An attacker could exploit the vulnerability by posting a specially crafted URI and inducing the user to click it, redirecting the user to an attacker-controlled website and enabling a phishing attack. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible. \nVersions prior to SpaceCom module 012U000040 are vulnerable. B. Braun Medical SpaceCom module is a product communication module of B. Braun Medical Company in the United States. An attacker can redirect users to arbitrary URLs.",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6018"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006073"
},
{
"db": "CNVD",
"id": "CNVD-2017-10575"
},
{
"db": "BID",
"id": "98624"
},
{
"db": "IVD",
"id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
},
{
"db": "VULHUB",
"id": "VHN-114221"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6018",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSMA-17-082-02",
"trust": 2.8
},
{
"db": "BID",
"id": "98624",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201702-594",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-10575",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006073",
"trust": 0.8
},
{
"db": "IVD",
"id": "BA0BEADE-70F9-49D8-81ED-8E81D4C51FC7",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-114221",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
},
{
"db": "CNVD",
"id": "CNVD-2017-10575"
},
{
"db": "VULHUB",
"id": "VHN-114221"
},
{
"db": "BID",
"id": "98624"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006073"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-594"
},
{
"db": "NVD",
"id": "CVE-2017-6018"
}
]
},
"id": "VAR-201706-0454",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
},
{
"db": "CNVD",
"id": "CNVD-2017-10575"
},
{
"db": "VULHUB",
"id": "VHN-114221"
}
],
"trust": 1.65
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
},
{
"db": "CNVD",
"id": "CNVD-2017-10575"
}
]
},
"last_update_date": "2024-11-23T22:30:46.714000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "B. Braun SpaceCom",
"trust": 0.8,
"url": "https://www.bbraun.com/en/products/b/b-braun-spacecom.html"
},
{
"title": "B. Braun SpaceCom Module Open Redirection Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/95388"
},
{
"title": "B.Braun Medical SpaceCom Fixes for module input validation error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100375"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10575"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006073"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-594"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-601",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114221"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006073"
},
{
"db": "NVD",
"id": "CVE-2017-6018"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-17-082-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6018"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6018"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/98624"
},
{
"trust": 0.3,
"url": "http://www.bbraun.co.in/cps/rde/xchg/cw-bbraun-hi-in/hs.xsl/products.html?prid=prid00001838"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-10575"
},
{
"db": "VULHUB",
"id": "VHN-114221"
},
{
"db": "BID",
"id": "98624"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006073"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-594"
},
{
"db": "NVD",
"id": "CVE-2017-6018"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
},
{
"db": "CNVD",
"id": "CNVD-2017-10575"
},
{
"db": "VULHUB",
"id": "VHN-114221"
},
{
"db": "BID",
"id": "98624"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006073"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-594"
},
{
"db": "NVD",
"id": "CVE-2017-6018"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-22T00:00:00",
"db": "IVD",
"id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
},
{
"date": "2017-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10575"
},
{
"date": "2017-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-114221"
},
{
"date": "2017-05-23T00:00:00",
"db": "BID",
"id": "98624"
},
{
"date": "2017-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006073"
},
{
"date": "2017-02-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-594"
},
{
"date": "2017-06-30T03:29:00.267000",
"db": "NVD",
"id": "CVE-2017-6018"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-10575"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-114221"
},
{
"date": "2017-05-23T00:00:00",
"db": "BID",
"id": "98624"
},
{
"date": "2017-08-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006073"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-594"
},
{
"date": "2024-11-21T03:28:54.807000",
"db": "NVD",
"id": "CVE-2017-6018"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-594"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "B. Braun SpaceCom Module Open redirection vulnerability",
"sources": [
{
"db": "IVD",
"id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
},
{
"db": "CNVD",
"id": "CNVD-2017-10575"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "ba0beade-70f9-49d8-81ed-8e81d4c51fc7"
},
{
"db": "BID",
"id": "98624"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-594"
}
],
"trust": 1.1
}
}