OTPulse

ICSMA-17-082-02_B. Braun Medical SpaceCom Open Redirect Vulnerability

Status: Monitor · CVSS 5.4 · Source: ICS-CERT ICSMA-17-082-02 · Published: Mar 23, 2017
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

B. Braun SpaceStation medical devices with the SpaceCom communication module contain an open redirect vulnerability (CWE-601) in the SpaceCom messaging feature. SpaceCom accepts a destination URL from the request and redirects to it without checking that it stays on a trusted host, so an attacker can craft a link whose visible host is the trusted SpaceCom device but which, when opened by an operator, lands on an arbitrary external website. This suits phishing of clinical staff or delivery of malware particularly well, because the usual advice to inspect a link's domain before clicking does not expose the attack: the domain is the device's own. The vulnerability affects SpaceStation units with integrated SpaceCom (part 8713142U, software versions prior to 012U000040) and standalone SpaceStation (part 8713140U) with an installed SpaceCom module (part 8713160U, software versions prior to 012U000040). This record lists no patch from B. Braun; since the affected range ends at 012U000040, that is the version to confirm availability of with B. Braun.

What this means
What could happen
An attacker could trick an operator into clicking a malicious link in a SpaceStation message that redirects to a phishing site or malware, potentially compromising operator credentials or the workstation itself.
Who's at risk
Healthcare facilities using B. Braun SpaceStation infusion pumps or other medical devices with the integrated SpaceCom communication module are affected. Clinical engineering and biomedical teams should assess their device inventory for affected part numbers.
How it could be exploited
The attacker crafts a link to the SpaceCom host that carries an attacker-controlled URL in the redirect parameter and embeds it in a message sent through SpaceCom. When an operator clicks the link, the browser requests the page from SpaceCom, which answers with an HTTP redirect to the attacker's site. The attacker needs no credentials and no access to the device: SpaceCom performs the redirect, and the attack relies on the operator trusting a link that names a known device. Encoded and scheme-relative forms of the destination (a percent-encoded URL, or //attacker-host without a scheme) still redirect, so a simple "does the parameter start with http" check is not a reliable filter for such links.
Prerequisites
  • User interaction required: an operator must click a malicious link in a SpaceCom message
  • The SpaceCom messaging feature must be in use
  • The operator's browser must be able to reach the SpaceCom module, since SpaceCom is what issues the redirect
Tags: no patch available · requires user interaction · low exploit complexity · affects clinical operations workstations
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2, both pending a fix)
Product | Affected versions | Fix status
SpaceStation with integrated SpaceCom module (part number 8713142U) | software < 012U000040 | No fix yet
SpaceStation (part number 8713140U) with installed SpaceCom module (part number 8713160U) | software < 012U000040 | No fix yet
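As an added example (not B. Braun or OTPulse code) for the inventory assessment recommended above, the script below triages constructed inventory rows against the two SpaceCom part numbers and the version bound in this table. It assumes SpaceCom version strings have the shape 012U000040 (numeric prefix, the letter U, numeric suffix) and order numerically field by field; that format is an assumption, not something the advisory states. Unparseable versions are routed to manual review rather than marked safe.

```python
"""
Added example, not code from B. Braun or OTPulse: triage a device inventory
against the part numbers and version bound the advisory lists.

Assumptions: SpaceCom version strings look like 012U000040 (numeric prefix,
the letter U, numeric suffix) and order numerically field by field; the
inventory rows are constructed.  Only the version bound and the part
numbers come from the advisory.
"""
import re

# From the advisory: affected versions are strictly below this one.
FIXED_VERSION = "012U000040"

# From the advisory: SpaceCom integrated in a SpaceStation (8713142U) and the
# separate SpaceCom module (8713160U) fitted to a SpaceStation 8713140U.
AFFECTED_SPACECOM_PARTS = {"8713142U", "8713160U"}

_VERSION_RE = re.compile(r"^(\d+)U(\d+)$")


def parse_version(version):
    """'012U000040' -> (12, 40).  Raises ValueError for anything else so a
    malformed or missing version is surfaced instead of treated as safe."""
    m = _VERSION_RE.match(str(version).strip().upper())
    if not m:
        raise ValueError(f"unrecognised SpaceCom version: {version!r}")
    return int(m.group(1)), int(m.group(2))


def is_affected(spacecom_part, software_version):
    """True if this SpaceCom part/version pair falls in the affected range.
    A bare SpaceStation part number (8713140U) without SpaceCom is never
    affected, so it is rejected before the version is even parsed."""
    if str(spacecom_part).strip().upper() not in AFFECTED_SPACECOM_PARTS:
        return False
    return parse_version(software_version) < parse_version(FIXED_VERSION)


def triage(inventory):
    """Split inventory rows into (affected asset ids, asset ids needing
    manual review because their version could not be parsed)."""
    affected, review = [], []
    for row in inventory:
        if not row.get("spacecom_part"):
            continue                      # SpaceStation without SpaceCom
        try:
            if is_affected(row["spacecom_part"], row["version"]):
                affected.append(row["asset"])
        except ValueError:
            review.append(row["asset"])
    return affected, review


# Constructed inventory (not real assets).  ICU-05 carries an unpadded
# version that a plain string comparison would wrongly rank above the bound.
INVENTORY = [
    {"asset": "ICU-01", "spacecom_part": "8713142U", "version": "012U000035"},
    {"asset": "ICU-02", "spacecom_part": "8713160U", "version": "012U000040"},
    {"asset": "OR-03", "spacecom_part": None, "version": None},
    {"asset": "ER-04", "spacecom_part": "8713160U", "version": "unknown"},
    {"asset": "ICU-05", "spacecom_part": "8713142U", "version": "11U99"},
]

if __name__ == "__main__":
    affected, review = triage(INVENTORY)
    print("affected:", affected)
    print("needs review:", review)
```

Feed it the clinical engineering asset register exported as rows with the SpaceCom part number and reported software version; anything that lands in the review list needs a hands-on version check before it can be declared out of scope.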
Remediation & Mitigation
Do now
WORKAROUND: Disable or restrict use of the SpaceCom messaging module if it is not critical to operations.
HARDENING: Educate operators on the risk of clicking links in messages from untrusted sources. Note that for this issue the link points at a known device, so checking the domain is not enough; operators should treat any device link that carries a second, full URL inside it as suspect.
Schedule (requires maintenance window)
Patching may require a device reboot: plan for process interruption.
HARDENING: Implement network-level controls (proxy/firewall rules) to block or log outbound connections from clinical workstations to known phishing or malware domains. In addition, alert on proxy requests to SpaceCom hosts whose query string contains an absolute URL for an external host; that is the signature of a crafted redirect link being followed.
HOTFIX: Monitor for and apply any future firmware updates from B. Braun that address this vulnerability; the affected range ends at software version 012U000040.
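The following is an added example, not code from B. Braun, ICS-CERT or OTPulse, that turns the exploitation path described under "How it could be exploited" and the logging control in this step into something a SOC can run. It classifies a URL as a SpaceCom open-redirect link when the URL targets a SpaceCom host and carries a query value that would send the browser to an external host, covering the percent-encoded, scheme-relative, backslash and trusted-host@attacker forms that defeat naive checks, and applies that classifier to constructed Squid-style proxy log lines. The SpaceCom host names, the parameter names (the advisory does not name the vulnerable parameter, so every query parameter is checked) and the log lines are assumptions made for the example.

```python
"""
Added example, not code from B. Braun, ICS-CERT or OTPulse: recognise a
link that abuses an open redirect on a SpaceCom host, and scan a proxy log
for operators fetching such links.

Assumptions (none of these are published in the advisory): the SpaceCom
host names below, the redirect parameter names (the vulnerable parameter
is not named, so every query parameter is checked), and the Squid-style
access.log lines, which are constructed for this example.
"""
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumed: SpaceCom modules reachable from clinical workstations.
SPACECOM_HOSTS = {"spacecom-icu1.hospital.example", "10.20.30.40"}


def external_redirect_target(value, trusted_hosts):
    """Where would a browser end up if `value` were used as a redirect target?

    Returns None when the target stays on a trusted host (a relative path or
    an absolute URL to one of `trusted_hosts`), otherwise the external host
    name (or 'javascript:' etc. for non-HTTP schemes).  Covers the forms
    that defeat a naive startswith('http') check: percent-encoding,
    scheme-relative //host, backslashes (browsers treat \\ as /) and the
    trusted-host@evil.example userinfo trick.
    """
    v = unquote(value).strip().replace("\\", "/")
    parts = urlsplit(v)
    scheme = parts.scheme.lower()
    if scheme and scheme not in ("http", "https"):
        return scheme + ":"                  # javascript:, data:, ...
    if not scheme and not parts.netloc:
        return None                          # relative path, stays put
    host = (parts.hostname or "").lower()    # drops userinfo and port
    if host in trusted_hosts:
        return None
    return host or v


def classify_link(url, spacecom_hosts=SPACECOM_HOSTS):
    """Return (parameter, external_target) if `url` points at a SpaceCom host
    and carries a query value that would redirect off the trusted hosts,
    else None.  A benign parameter that merely contains an external URL is
    reported too; for a device that should never redirect off-site that is
    the right bias for a detection rule.
    """
    parts = urlsplit(url)
    if (parts.hostname or "").lower() not in spacecom_hosts:
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        target = external_redirect_target(value, spacecom_hosts)
        if target is not None:
            return name, target
    return None


# Constructed Squid native access.log lines (not real traffic):
# time elapsed client action/code bytes method url ident hierarchy type
SAMPLE_LOG = [
    "1490268400.101 40 10.1.5.22 TCP_MISS/200 812 GET http://spacecom-icu1.hospital.example/status?page=2 - HIER_DIRECT/10.20.30.40 text/html",
    "1490268431.517 45 10.1.5.22 TCP_MISS/302 410 GET http://spacecom-icu1.hospital.example/login?next=%2F%2Fevil.example%2Fspacecom - HIER_DIRECT/10.20.30.40 text/html",
    "1490268470.009 38 10.1.5.31 TCP_MISS/302 410 GET http://spacecom-icu1.hospital.example/login?return=https%3A%2F%2Fspacecom-icu1.hospital.example%40evil.example%2F - HIER_DIRECT/10.20.30.40 text/html",
    "1490268499.662 52 10.1.5.31 TCP_MISS/200 2048 GET http://intranet.hospital.example/search?q=http%3A%2F%2Fevil.example - HIER_DIRECT/10.0.0.8 text/html",
    "1490268520.300 41 10.1.5.22 TCP_MISS/302 380 GET http://spacecom-icu1.hospital.example/login?next=https%3A%2F%2Fspacecom-icu1.hospital.example%2Fhome - HIER_DIRECT/10.20.30.40 text/html",
]


def scan_squid_log(lines, spacecom_hosts=SPACECOM_HOSTS):
    """Flag clients that fetched an open-redirect link from a SpaceCom host.

    Caveat: a proxy only sees the full URL for plain HTTP or TLS-intercepted
    traffic; CONNECT entries carry host:port alone and are skipped here.
    """
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7 or fields[5] == "CONNECT":
            continue
        client, url = fields[2], fields[6]
        found = classify_link(url, spacecom_hosts)
        if found:
            hits.append({"client": client, "url": url,
                         "param": found[0], "target": found[1]})
    return hits


if __name__ == "__main__":
    for hit in scan_squid_log(SAMPLE_LOG):
        print(f"{hit['client']} followed {hit['param']} -> {hit['target']}: {hit['url']}")
```

Two of the constructed lines are flagged: the scheme-relative //evil.example form and the userinfo form that names the trusted SpaceCom host before an @. The request to the intranet search with an external URL in its query is ignored because the host is not a SpaceCom, and the redirect back to the SpaceCom's own /home page is allowed. The same external_redirect_target check is what a fixed SpaceCom should apply server-side before honouring a redirect parameter; on the hospital side it is only a detection, and it sees nothing if the link is delivered over TLS that the proxy does not intercept.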