CVE-2021-33885

10.0 CRITICAL

📋 TL;DR

CVE-2021-33885 allows remote unauthenticated attackers to send malicious data to B. Braun SpaceCom2 devices that will be accepted without cryptographic verification, leading to full system command execution. This affects B. Braun SpaceCom2 infusion pump systems prior to version 012U000062. Healthcare organizations using these medical devices are at risk.

💻 Affected Systems

Products:
  • B. Braun SpaceCom2
Versions: All versions prior to 012U000062
Operating Systems: Embedded medical device OS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the SpaceCom2 server component used to manage multiple infusion pumps in healthcare settings.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of infusion pump systems allowing unauthorized medication delivery changes, patient harm, or disruption of critical medical services.

🟠 Likely Case

Unauthorized access to medical device networks, potential manipulation of infusion parameters, and compromise of adjacent hospital systems.

🟢 If Mitigated

Limited impact with proper network segmentation, but still presents risk to medical device availability and integrity.

🌐 Internet-Facing: HIGH - Devices may be exposed to the internet in some healthcare network configurations, allowing direct remote exploitation.
🏢 Internal Only: HIGH - Even internally, unauthenticated attackers on the network can exploit this vulnerability to gain full system control.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the SpaceCom2 device but no authentication. The vulnerability lies in the device accepting critical data without verifying a cryptographic signature.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 012U000062

Vendor Advisory: https://www.bbraunusa.com/en.htm

Restart Required: Yes

Instructions:

1. Contact B. Braun technical support for patch availability.
2. Schedule a maintenance window for medical device updates.
3. Apply the firmware update to version 012U000062.
4. Verify update completion and system functionality.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate SpaceCom2 devices on dedicated VLANs with strict firewall rules limiting access to authorized management systems only.

Access Control Lists

all

Implement network ACLs to restrict communication with SpaceCom2 devices to only necessary IP addresses and protocols.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SpaceCom2 devices from general hospital networks
  • Deploy network monitoring and intrusion detection specifically for medical device traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check the device firmware version via the SpaceCom2 management interface. If the version is below 012U000062, the device is vulnerable.

Check Version:

Check the SpaceCom2 web interface or management console for firmware version information.

Verify Fix Applied:

Verify that the firmware version shows 012U000062 or higher in the device management interface.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized connection attempts to SpaceCom2 devices
  • Unexpected configuration changes in infusion pump settings
  • Anomalous network traffic to medical device ports

Network Indicators:

  • Unusual traffic patterns to/from SpaceCom2 devices on port 80/443
  • Unauthorized IP addresses communicating with medical devices
  • Malformed data packets sent to SpaceCom2 systems

SIEM Query:

source_ip=* AND dest_ip=SpaceCom2_IP AND (port=80 OR port=443) AND bytes_transferred>threshold
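The version check from "How to Verify" and the network indicators behind the SIEM query above, as an added example that is not part of this advisory or any B. Braun tooling. It assumes a generic flow-log line format, a SpaceCom2 address, a management allowlist and a byte threshold, all of which are constructed placeholders; the firmware version format is assumed to be digits, the letter U, digits, as in 012U000062.

```python
import re

# Constructed sample flow-log lines (assumed "src/dst/dport/bytes" firewall export);
# no address or value here comes from the advisory.
SAMPLE_LOGS = """\
2021-08-01T10:00:01Z src=10.10.5.20 dst=10.10.9.15 dport=443 bytes=1840
2021-08-01T10:00:07Z src=192.168.77.3 dst=10.10.9.15 dport=80 bytes=524288
2021-08-01T10:00:09Z src=10.10.5.20 dst=10.10.9.15 dport=443 bytes=2210
2021-08-01T10:00:12Z src=10.10.5.99 dst=10.10.9.15 dport=22 bytes=900
"""
SPACECOM2_IPS = {"10.10.9.15"}    # assumption: your SpaceCom2 server addresses
AUTHORIZED_MGMT = {"10.10.5.20"}  # assumption: hosts permitted by the ACL workaround
BYTES_THRESHOLD = 65536           # assumption: the "threshold" in the SIEM query
FIXED_VERSION = "012U000062"      # patch version named in the advisory
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
                    r"dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)$")

def parse_version(version: str) -> tuple:
    """Split '012U000062' into (12, 62). Assumption: vendor format is <digits>U<digits>."""
    m = re.fullmatch(r"(\d+)U(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return int(m.group(1)), int(m.group(2))

def firmware_is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the reported firmware is older than the fixed release."""
    return parse_version(version) < parse_version(fixed)

def find_suspicious(log_text: str) -> list:
    """Flag flows to a SpaceCom2 server from a non-allowlisted source, or an unusually
    large transfer to one on port 80/443 (the advisory's network indicators)."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["dst"] not in SPACECOM2_IPS:
            continue  # unparseable, or not traffic to a SpaceCom2 server
        reasons = []
        if m["src"] not in AUTHORIZED_MGMT:
            reasons.append("source not on management allowlist")
        if int(m["dport"]) in (80, 443) and int(m["bytes"]) > BYTES_THRESHOLD:
            reasons.append("large transfer on port 80/443")
        if reasons:
            hits.append({"ts": m["ts"], "src": m["src"], "dport": int(m["dport"]),
                         "reasons": reasons})
    return hits

if __name__ == "__main__":
    print("012U000061 vulnerable:", firmware_is_vulnerable("012U000061"))
    for hit in find_suspicious(SAMPLE_LOGS):
        print(hit)
```

Tune the allowlist and threshold to your own segmentation and baseline traffic before relying on the output.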

🔗 References
