CVE-2021-37164
CRITICALSwisslog Healthcare HMI-3 Control Panel Firmware < 7.2.5.7 - Stack-Based Buffer Overflow in tcpTxThread
Title source: llmDescription
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, the received data is copied to a stack buffer. An off-by-3 condition can occur, resulting in a stack-based buffer overflow.
References (4)
Core 4
Core References
Product x_refsource_misc
https://www.swisslog-healthcare.com
Broken Link x_refsource_misc
https://www.armis.com/PwnedPiper
Scores
CVSS v3
9.8
EPSS
0.0340
EPSS Percentile
87.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-787
Status
published
Products (1)
swisslog-healthcare/hmi-3_control_panel_firmware
< 7.2.5.7
Published
Aug 02, 2021
Tracked Since
Feb 18, 2026