You have successfully logged out.

Hello !
chevron_right My profile
chevron_right To My B. Braun overview
Logout

No content results match your keyword.

Content

    No product results match your keyword.

    Products

      Wednesday, February 24, 2021

      02/2021 OnlineSuite WiBu CodeMeter multiple vulnerabilities

      B. Braun ensures high security standards throughout the product life cycle by using globally accepted standard test and verification methods. We have established processes to monitor the latest vulnerabilities, threats, or risks and will proactively implement measures as required.

      1       Executive Summary

      • CVSS v3:  9.8
      • ATTENTION: Exploitable remotely via the internal network, high skill level needed to exploit, Patient safety is not affected
      • Vendor: B. Braun Melsungen AG
      • Equipment: OnlineSuite
      • Vulnerabilities: Buffer Access with Incorrect Length Value, Improper Input Validation, Improper Verification of Cryptographic Signature, Origin Validation Error, Inadequate Encryption Strength, Improper Resource Shutdown or Release

         

      2       Risk Evaluation

      Vulnerabilities were found in a 3rd-party software delivered with the OnlineSuite. Successful exploitation of these vulnerabilities could allow an attacker to alter and forge a license file, cause a denial-of-service condition, potentially attain remote code execution, read heap data, and prevent normal operation of third-party software dependent on the CodeMeter. 

      Note that all listed vulnerabilities are in the server-side software that is separated from the infusion pumps and affects only the 3rd party software. Safety of patients or users is not affected by these vulnerabilities.

       

       

      3      Technical Details

      3.1 Affected Products

      The following versions of B. Braun products are affected:

      • OnlineSuite AP 2.1.2, 3.0
         

      3.2 Vulnerability Overview

      3.2.1 Buffer Access with Incorrect Length Value (CVE-2020-14509)

      Multiple memory corruption vulnerabilities exist where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities.

      3.2.2 Improper Input Validation (CVE-2020-14513)

      CVE-2020-14513: CodeMeter and the software using it may crash while processing a specifically crafted license file due to unverified length fields. Can lead to Denial of Service of the OnlineSuite.

      3.2.3 Improper Verification of Cryptographic Signature (CVE-2020-14515)   

      CVE-2020-14515: There is an issue in the license-file signature checking mechanism, which allows attackers to build arbitrary license files.

      3.2.4 Origin Validation Error (CVE-2020-14519)

      CVE-2020-14519: This vulnerability allows an attacker to use the internal WebSockets API via a specifically crafted Java Script payload, which may allow alteration or creation of license files when combined with CVE-2020-14515.

      3.2.5 Inadequate Encryption Strength (CVE-2020-14517)

      CVE-2020-14517: Protocol encryption can be easily broken, and the server accepts external connections, which may allow an attacker to remotely communicate with the CodeMeter API.

      3.2.6 Improper Resource Shutdown or Release (CVE-2020-16233)

      CVE-2020-16233: An attacker could send a specially crafted packet that could have the server send back packets containing data from the heap 

       

      ICSA-20-203-01, including CVE-2020-14509, CVE-2020-14517, CVE-2020-14519, CVE-2020-14513, CVE-2020-14515, CVE-2020-16233 was published on this matter. The maximum CVSS v3 base score is 9.8, the CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
       

      3.3 Background

      • Critical Infrastructure Sectors: Healthcare and Public Health 
      • Countries/Areas Deployed: Worldwide 
      • Company Headquarters Location: Germany 
         

      3.4 Researcher

      N/A

       

      4      Mitigations

      B. Braun recommends applying updates:

      • OnlineSuite Field Service Information AIS01/21

      As a general security measure, B. Braun recommends protecting the network with appropriate mechanisms:

      • Ensure the medical devices are not accessible directly from the internet!
      • Use a firewall and isolate the medical devices from the business network. 

      Further information concerning the issues can be found at https://us-cert.cisa.gov/ics/advisories/icsa-20-203-01

      The B. Braun advisory is available at bbraun.com/productsecurity. Please contact your local B. Braun organization to request further help. 

       

      5       Contact Information

      If you have any additional information regarding the security of our products, please contact your local B. Braun representative or directly productsecurity@bbraun.com. 

      If you are a B. Braun customer and need support in mitigating the abovementioned vulnerabilities, contact your local B. Braun representative.

      Take part in our customer survey

      Your feedback matters! Participate in our customer survey to help us enhance our website, products and services. Thank you for your support!

      Start survey