B. Braun Medical Space Battery Pack SP with Wi-Fi Vulnerability

B. Braun Medical Space Battery Pack SP with Wi-Fi contains a vulnerability that could cause privilege escalation

Threat ID:: CC-4286
Threat Severity:: Low
Published:: 17 March 2023 1:57 PM

Report a cyber attack: call 0300 303 5222 or email carecert@nhsdigital.nhs.uk

Summary

B. Braun Medical Space Battery Pack SP with Wi-Fi contains a vulnerability that could cause privilege escalation

Affected platforms

The following platforms are known to be affected:

B. Braun Battery-Pack SP with WiFi

Battery pack SP with Wi-Fi (SN 138853 and higher) with software 053L000092 (global) / 054U000092 (U.S.) and earlier versions

Threat details

Introduction

B. Braun Medical has identified vulnerability in their Space Battery Pack SP with Wi-Fi. The battery pack allows to users to operate standalone pumps.

Successful exploitation of this vulnerability could allow an authenticated attacker to compromise the security of the Space communication device ‘Battery Pack SP with Wi-Fi’. This vulnerability could allow the attacker to escalate privileges, view sensitive information, upload arbitrary files, and perform remote code execution.

The B. Braun advisory states that without the knowledge of web server credentials and direct network access to the specific device, this vulnerability cannot be exploited.

Remediation advice

Affected organisations are encouraged to review the B. Braun Medical Inc. Statement regarding cybersecurity vulnerability with Space Battery Pack SP with Wi-Fi advisory for more information.

B. Braun has given additional mitigation advice, including device and network recommendations in the advisory.

Definitive source of threat updates

https://www.bbraunusa.com/en/products-and-therapies/b-braun-product-security/infusion-systems-security-advisory/3-2023-battery-pack-sp-with-wi-fi---eval-injection-vuln.html

CVE Vulnerabilities

Status Published

CVE-2023-0888

An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device WiFi network (such as a biomedical engineering staff member) and the specific B.Braun Battery Pack SP with WiFi web server credentials, could get administrative (root) access on the infusion pump communication module. This could be used as a vector to start further attacks

Last edited: 17 March 2023 1:57 pm