Vulnerability Description
A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation (e.g., cryptographic signature validation) during a File Upload for a firmware update.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Swisslog-Healthcare | Hmi-3 Control Panel Firmware | < 7.2.5.7 |
| Swisslog-Healthcare | Hmi-3 Control Panel | - |
Related Weaknesses (CWE)
References
- https://www.armis.com/PwnedPiperBroken Link
- https://www.swisslog-healthcare.comProduct
- https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customVendor Advisory
- https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve
- https://www.armis.com/PwnedPiperBroken Link
- https://www.swisslog-healthcare.comProduct
- https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customVendor Advisory
- https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve
FAQ
What is CVE-2021-37160?
CVE-2021-37160 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware valida...
How severe is CVE-2021-37160?
CVE-2021-37160 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-37160?
Check the references section above for vendor advisories and patch information. Affected products include: Swisslog-Healthcare Hmi-3 Control Panel Firmware, Swisslog-Healthcare Hmi-3 Control Panel.