CVE-2020-25150 HIGH

CVE-2020-25150: B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

Vendor B. Braun Melsungen Ag

Product SpaceCom

Weakness CWE-23

Published April 14, 2022

Last update April 16, 2025

View on NVD All CVEs

CVSS base score

7.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

What the vulnerability does

01Description

A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows attackers with service user privileges to upload arbitrary files. By uploading a specially crafted tar file an attacker can execute arbitrary commands.

Key dates

02Disclosure timeline

April 14, 2022 CVE published

April 16, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-25150 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/23.html

Related vulnerabilities

Identifiers

CVE CVE-2020-25150

CWE CWE-23

CVSS 7.6 / HIGH

Affected versions

Vendor B. Braun Melsungen Ag

Product SpaceCom

Affected ≥ unspecified and ≤ U61

Vendor B. Braun Melsungen Ag

Product SpaceCom

Affected ≥ unspecified and ≤ L81

Vendor B. Braun Melsungen Ag

Product Battery pack with Wi-Fi

Affected ≥ unspecified and ≤ U61

Vendor B. Braun Melsungen Ag

Product Battery pack with Wi-Fi

Affected ≥ unspecified and ≤ L81

Vendor B. Braun Melsungen Ag

Product Data module compactplus

Affected A10

Vendor B. Braun Melsungen Ag

Product Data module compactplus

Affected A11

CVE-2020-25150: B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus

01Description

02Disclosure timeline

03References

04Related CVE