CVE-2021-37160
CRITICALHMI3 Control Panel Firmware < 7.2.5.7 - Improper Firmware Signature Verification
Title source: llmDescription
A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation (e.g., cryptographic signature validation) during a File Upload for a firmware update.
References (4)
Core 4
Core References
Broken Link x_refsource_misc
https://www.armis.com/PwnedPiper
Various Sources x_refsource_misc
https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20
Vendor Advisory x_refsource_misc
https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37160-bulletin---no-firmware-update-validation.pdf?rev=c7f94647037c4007992e2e626d445561&hash=E89531490070A809FB74994018BA1248
Product x_refsource_misc
https://www.swisslog-healthcare.com
Scores
CVSS v3
9.8
EPSS
0.0823
EPSS Percentile
94.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-347
Status
published
Products (1)
swisslog-healthcare/hmi-3_control_panel_firmware
< 7.2.5.7
Published
Aug 02, 2021
Tracked Since
Feb 18, 2026