CVE Vulnerabilities

CVE-2021-37160

Improper Verification of Cryptographic Signature

Published: Aug 02, 2021 | Modified: Nov 07, 2023
CVSS 3.x
9.8
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation (e.g., cryptographic signature validation) during a File Upload for a firmware update.

Weakness

The product does not verify, or incorrectly verifies, the cryptographic signature for data.

Affected Software

Name Vendor Start Version End Version
Hmi-3_control_panel Swisslog-healthcare - (including) - (including)

References