Vulnerability Description
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. If an attacker sends a malformed UDP message, a buffer underflow occurs, leading to an out-of-bounds copy and possible remote code execution.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Swisslog-Healthcare | Hmi-3 Control Panel Firmware | < 7.2.5.7 |
| Swisslog-Healthcare | Hmi-3 Control Panel | - |
Related Weaknesses (CWE)
References
- https://www.armis.com/PwnedPiperThird Party Advisory
- https://www.swisslog-healthcare.comProduct
- https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customVendor Advisory
- https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve
- https://www.armis.com/PwnedPiperThird Party Advisory
- https://www.swisslog-healthcare.comProduct
- https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customVendor Advisory
- https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve
FAQ
What is CVE-2021-37162?
CVE-2021-37162 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. If an attacker sends a malforme...
How severe is CVE-2021-37162?
CVE-2021-37162 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-37162?
Check the references section above for vendor advisories and patch information. Affected products include: Swisslog-Healthcare Hmi-3 Control Panel Firmware, Swisslog-Healthcare Hmi-3 Control Panel.