CVE-2021-33886

HIGH

Bbraun Spacecom2 < 012u000062 - Format String Vulnerability

Title source: rule

Description

An improper sanitization of input vulnerability in B. Braun SpaceCom2 prior to 012U000062 allows a remote unauthenticated attacker to gain user-level command-line access by passing a raw external string straight through to printf statements. The attacker is required to be on the same network as the device.

References (2)

[Broken Link] https://www.bbraunusa.com/en.htm

[Exploit, Third Party Advisory] https://www.mcafee.com/blogs/enterprise/mcafee-enterprise-atr/mcafee-enterprise-atr-uncovers-vulnerabilities-in-globally-used-b-braun-infusion-pump/

Scores

CVSS v3 8.1

EPSS 0.0257

EPSS Percentile 85.6%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-134

Status published

Products (1)

bbraun/spacecom2 < 012u000062

Published Aug 25, 2021

Tracked Since Feb 18, 2026