OTPulse

B. Braun Infusomat Space Large Volume Pump

Act Now · ICS-CERT ICSMA-21-294-01 · Oct 21, 2021
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

B. Braun Infusomat Space Large Volume Infusion Pumps contain multiple vulnerabilities in their Wi-Fi and communication modules. These vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary commands, alter device configuration, inject malicious data into the infusion control logic, obtain sensitive information, or overwrite firmware. Affected products include Battery Pack SP with Wi-Fi (all software versions up to L81 and U serial variants), SpaceStation with SpaceCom 2 (all software versions up to L81 and variant 012U000061), and Data Module compactPlus (versions A10 and earlier). The vulnerabilities stem from improper input validation, weak authentication mechanisms, lack of encryption on communications, and insufficient access controls.

What this means
What could happen
An attacker could gain unauthorized access to infusion pump controls without authentication, alter drug delivery setpoints, inject false sensor data, or stop the pump from operating—directly affecting patient safety during medication infusion.
Who's at risk
Healthcare facilities using B. Braun Infusomat Space Large Volume Infusion Pumps, specifically those with Battery Pack SP with Wi-Fi modules, SpaceStation with SpaceCom 2 communication controllers, or Data Module compactPlus systems. This affects any facility where these pumps are connected to hospital networks or wireless infrastructure.
How it could be exploited
An attacker on the network or with wireless access could send malicious commands to the pump's Wi-Fi interface or communication module. No authentication is required. The attacker could then execute commands as a regular user, modify device configuration, inject fake sensor data into the infusion logic, or overwrite critical pump firmware.
Prerequisites
  • Network access to the pump's Wi-Fi interface or to the SpaceCom 2 communication module
  • No valid credentials required
  • Pump must be connected to a wireless network or networked environment
  • Remotely exploitable
  • No authentication required
  • Affects safety-critical medical device
  • High CVSS score (9.0)
  • Multiple attack vectors
  • No patch available for all variants
Exploitability
Moderate exploit probability (EPSS 6.9%)
Affected products (5)
4 with fix, 1 pending

Product | Affected Versions | Fix Status
Battery pack SP with WiFi | All software ≤ 028U000061 | No fix yet
SpaceStation with SpaceCom 2 | All software ≤ L81 | 012U000093 for U.S./Canada; 011L000093 outside U.S./Canada
Data module compactPlus | All software A10 (< A11) | A11
Battery Pack SP with Wi-Fi | All software ≤ L81 | 028U00093 (SN ≤138852) / 054U00093 (SN ≥138853) for U.S./Canada; 027L000093 (SN <138853) / 053L000093 (SN ≥138853) outside U.S./Canada
SpaceStation with SpaceCom 2 | All software ≤ 012U000061 | 012U000093 for U.S./Canada; 011L000093 outside U.S./Canada
Remediation & Mitigation
Do now
HOTFIX: Update Battery Pack SP with Wi-Fi to software version 028U00093 (serial numbers 138852 and lower) or 054U00093 (serial numbers 138853 and higher) in the U.S./Canada
HOTFIX: Update Battery Pack SP with Wi-Fi to software version 027L000093 (serial numbers below 138853) or 053L00093 (serial numbers 138853 and higher) outside the U.S./Canada
HOTFIX: Update SpaceStation with SpaceCom 2 to software version 012U000093 in the U.S./Canada
HOTFIX: Update SpaceStation with SpaceCom 2 to software version 011L000093 outside the U.S./Canada
HOTFIX: Update Data Module compactPlus to version A11 or later
HARDENING: Implement network segmentation: place infusion pumps in a separate VLAN or DMZ protected by firewalls, preventing direct access from the internet and from general hospital networks
HARDENING: Configure wireless networks with industry-standard encryption (WPA2/WPA3) for pump communications
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Deploy intrusion detection/prevention systems (IDS/IPS) on the network segment housing pump systems