Risk Scores
CVSS v3.1
10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hardware XKM3000 L MED | ||
| Firmware <=1.9.x |
Timeline
- Jul 8, 2020 CVE Published
- May 14, 2025 CVE Updated
For process data documentation purposes the laboratory washers, thermal disinfectors and washer-disinfectors can be integrated in a TCP/IP network by utilizing the affected communication module. The communication module is separate from the actual device control and uses a chipset from Digi International. The TCP / IP stack required for networking is implemented in this chipset with the help of a 3rd party library from Treck. External security researchers have identified several security holes in this library called Ripple20. The most critical vulnerability allows an external attacker to execute arbitrary code on the chip and thus also on the communication module. The above named communication module can be integrated into the following laboratory washers, thermal disinfectors and washer- disinfectors: - PG 8581 - PG 8582 - PG 8583 - PG 8583 CD - PG 8591 - PG 8582 CD - PG 8592 - PG 8593 - PG 8562
| Vendor | Product | Versions |
|---|---|---|
| Hardware XKM3000 L MED | ||
| Firmware <=1.9.x |