Lucene search

[email protected]NVD:CVE-2020-25170

HistoryNov 06, 2020 - 5:15 p.m.

CVE-2020-25170

2020-11-0617:15:11

CWE-1236

[email protected]

web.nvd.nist.gov

excel

macro injection

b. braun

onlinesuite

vulnerability

export

input fields

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export.

Affected configurations

Nvd

Node

bbraunonlinesuite_application_packageRange≤3.0

VendorProductVersionCPE
bbraunonlinesuite_application_package*cpe:2.3:a:bbraun:onlinesuite_application_package:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bbraun	onlinesuite_application_package	*	cpe:2.3:a:bbraun:onlinesuite_application_package::::::::

References

us-cert.cisa.gov/ics/advisories/icsma-20-296-01

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

Related for NVD:CVE-2020-25170

cvelist1 cve1 prion1 ics1