cbcvebase.

Swisslog-Healthcare Hmi-3 Control Panel Firmware vulnerabilities

8 known vulnerabilities affecting swisslog-healthcare/hmi-3_control_panel_firmware.

Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL7HIGH1

Vulnerabilities

Page 1 of 1
CVE-2021-37160P2CRITICALCVSS 9.8fixed in 7.2.5.72021-08-02
CVE-2021-37160 [CRITICAL] CWE-347 CVE-2021-37160: A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation (e.g., cryptographic signature validation) during a File Upload for a firmware update.
nvd
CVE-2021-37162P2CRITICALCVSS 9.8fixed in 7.2.5.72021-08-02
CVE-2021-37162 [CRITICAL] CWE-120 CVE-2021-37162: A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel oper A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. If an attacker sends a malformed UDP message, a buffer underflow occurs, leading to an out-of-bounds copy and possible remote code execution.
nvd
CVE-2021-37165P2CRITICALCVSS 9.8fixed in 7.2.5.72021-08-02
CVE-2021-37165 [CRITICAL] CWE-120 CVE-2021-37165: A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel oper A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution.
nvd
CVE-2021-37167P2CRITICALCVSS 9.8fixed in 7.2.5.72021-08-02
CVE-2021-37167 [CRITICAL] CWE-269 CVE-2021-37167: An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Pane An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using the default credentials can gain root access to the device, which provides permissions for all of the functionality of the device.
nvd
CVE-2021-37161P2CRITICALCVSS 9.8fixed in 7.2.5.72021-08-02
CVE-2021-37161 [CRITICAL] CWE-120 CVE-2021-37161: A buffer overflow issue was discovered in the HMI3 Control Panel contained within the Swisslog Healt A buffer overflow issue was discovered in the HMI3 Control Panel contained within the Swisslog Healthcare Nexus Panel, operated by released versions of software before Nexus Software 7.2.5.7. A buffer overflow allows an attacker to overwrite an internal queue data structure and can lead to remote code execution.
nvd
CVE-2021-37164P3CRITICALCVSS 9.8fixed in 7.2.5.72021-08-02
CVE-2021-37164 [CRITICAL] CWE-787 CVE-2021-37164: A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel oper A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, the received data is copied to a stack buffer. An off-by-3 condition can occur, resulting in a stack-based buffer overflow.
nvd
CVE-2021-37163P3CRITICALCVSS 9.8fixed in 7.2.5.72021-08-02
CVE-2021-37163 [CRITICAL] CWE-798 CVE-2021-37163: An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus oper An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded.
nvd
CVE-2021-37166P3HIGHCVSS 7.5fixed in 7.2.5.72021-08-02
CVE-2021-37166 [HIGH] CWE-120 CVE-2021-37166: A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslo A buffer overflow issue leading to denial of service was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When HMI3 starts up, it binds a local service to a TCP port on all interfaces of the device, and takes extensive time for the GUI to connect to the TCP soc
nvd
Swisslog-Healthcare Hmi-3 Control Panel Firmware vulnerabilities | cvebase