CVE-2020-25150

7.6 HIGH

📋 TL;DR

This vulnerability allows attackers with service user privileges to perform relative path traversal attacks in B. Braun medical devices. By uploading specially crafted tar files, attackers can execute arbitrary commands on affected SpaceCom and Data module compactplus systems. This affects healthcare organizations using these specific medical device management systems.

💻 Affected Systems

Products:
  • B. Braun SpaceCom
  • B. Braun Data module compactplus
Versions: SpaceCom Version L81/U61 and earlier; Data module compactplus Versions A10 and A11
Operating Systems: Embedded medical device OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects medical device management systems used in healthcare settings. Requires service user privileges for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, potentially disrupting medical device operations, accessing patient data, or modifying device configurations in healthcare environments.

🟠 Likely Case

Attackers with service user access could upload malicious files to execute commands, potentially disrupting medical device management systems or exfiltrating sensitive healthcare data.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to isolated medical device management networks with minimal patient safety risk.

🌐 Internet-Facing: LOW - Medical devices should never be directly internet-facing. If exposed, risk becomes HIGH due to potential healthcare system compromise.
🏢 Internal Only: MEDIUM - Requires service user credentials but could impact critical healthcare infrastructure if exploited internally.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires service user credentials and ability to upload tar files. Path traversal technique combined with tar file manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SpaceCom Version L82/U62 or later; Data module compactplus Version A12 or later

Vendor Advisory: https://www.bbraun.com/en/products-and-therapies/services/b-braun-vulnerability-disclosure-policy/security-advisory.html

Restart Required: Yes

Instructions:

1. Contact B. Braun technical support for patching instructions.
2. Schedule a maintenance window for medical device updates.
3. Apply vendor-provided patches.
4. Restart affected systems.
5. Verify patch installation.

🔧 Temporary Workarounds

Restrict file upload permissions (applies to: all)

Limit service user file upload capabilities to prevent tar file uploads

Network segmentation (applies to: all)

Isolate medical device management systems from general network access

🧯 If You Can't Patch

  • Implement strict access controls limiting service user privileges
  • Monitor for unusual file upload activities and tar file processing

🔍 How to Verify

Check if Vulnerable:

Check device version against affected versions: SpaceCom L81/U61 or earlier, Data module compactplus A10/A11

Check Version:

Check device interface or contact B. Braun support for version verification

Verify Fix Applied:

Verify device shows SpaceCom Version L82/U62 or later, or Data module compactplus Version A12 or later

📡 Detection & Monitoring

Log Indicators:

  • Unusual tar file uploads by service users
  • File upload attempts with path traversal patterns
  • Unexpected command execution events
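The advisory describes the vulnerability as relative path traversal via crafted tar files, and the indicators above call for monitoring tar file processing for traversal patterns. The following is an added example (not code from B. Braun, the advisory, or the affected products) of the check a defender would run on an uploaded archive before it is unpacked: it inspects every tar entry for absolute names, `..` traversal, and symlink or hardlink targets that would resolve outside the intended destination directory. The destination path `/opt/device/upload` and the sample archive built in `build_sample_archive()` are constructed for illustration.

```python
import io
import os
import tarfile


def _escapes(dest_dir: str, member_path: str) -> bool:
    """True if member_path, joined to dest_dir, resolves outside dest_dir.

    os.path.join drops dest_dir when member_path is absolute, so absolute
    names also fall out as "escaping" here. abspath normalises '..' without
    requiring the paths to exist.
    """
    dest = os.path.abspath(dest_dir)
    target = os.path.abspath(os.path.join(dest, member_path))
    return os.path.commonpath([dest, target]) != dest


def find_unsafe_members(archive: bytes, dest_dir: str) -> list[tuple[str, str]]:
    """Return (member_name, reason) for every entry that would escape dest_dir.

    Checked in order: absolute names, '..' traversal in the name, symlinks
    and hardlinks whose target resolves outside dest_dir, and device nodes.
    An empty list means the archive can be extracted into dest_dir safely.
    """
    findings: list[tuple[str, str]] = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tf:
        for m in tf.getmembers():
            if os.path.isabs(m.name):
                findings.append((m.name, "absolute path"))
            elif _escapes(dest_dir, m.name):
                findings.append((m.name, "relative path traversal"))
            elif m.issym():
                # A symlink target is relative to the link's own directory.
                link_target = os.path.join(os.path.dirname(m.name), m.linkname)
                if os.path.isabs(m.linkname) or _escapes(dest_dir, link_target):
                    findings.append((m.name, "symlink escapes destination"))
            elif m.islnk():
                # A hardlink target is relative to the archive root.
                if _escapes(dest_dir, m.linkname):
                    findings.append((m.name, "hardlink escapes destination"))
            elif m.ischr() or m.isblk():
                findings.append((m.name, "device node"))
    return findings


def build_sample_archive() -> bytes:
    """Constructed test data: one benign entry plus three escaping entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:

        def add_file(name: str, data: bytes) -> None:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))

        add_file("config/settings.cfg", b"benign=true\n")     # stays inside
        add_file("../../escaped.txt", b"placeholder\n")       # '..' traversal
        add_file("/tmp/absolute.txt", b"placeholder\n")       # absolute name
        link = tarfile.TarInfo("config/link")                 # symlink pointing out
        link.type = tarfile.SYMTYPE
        link.linkname = "../../../etc"
        tf.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    # Hypothetical destination directory; it does not need to exist.
    for name, reason in find_unsafe_members(build_sample_archive(), "/opt/device/upload"):
        print(f"REJECT {name!r}: {reason}")
```

Run the check and refuse the whole archive if it returns anything, rather than skipping individual entries, since a single escaping symlink can redirect later entries. On Python 3.12 and later (and the maintenance releases that backported it), `TarFile.extractall(path, filter="data")` rejects the same classes of entry at extraction time; the explicit inspection above is still useful because it produces a log line naming the offending member, which is what the "path traversal patterns" indicator needs.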

Network Indicators:

  • File upload traffic to medical device management systems
  • Unusual outbound connections from medical devices

SIEM Query:

source="medical_device" AND ((event="file_upload" AND file_extension="tar") OR (event="command_execution" AND user="service_user"))
