CVE-2021-33886
HIGHB. Braun SpaceCom2 < 012U000062 - Unauthenticated Remote Code Execution via Format String Injection
Title source: llmDescription
An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as the device.
References (2)
Core 2
Core References
Broken Link x_refsource_misc
https://www.bbraunusa.com/en.htm
Exploit, Third Party Advisory x_refsource_misc
https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/mcafee-enterprise-atr-uncovers-vulnerabilities-in-globally-used-b-braun-infusion-pump/
Scores
CVSS v3
8.1
EPSS
0.0080
EPSS Percentile
51.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-134
Status
published
Products (1)
bbraun/spacecom2
< 012u000062
Published
Aug 25, 2021
Tracked Since
Feb 18, 2026