Vulnerability Description
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, the received data is copied to a stack buffer. An off-by-3 condition can occur, resulting in a stack-based buffer overflow.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Swisslog-Healthcare | Hmi-3 Control Panel Firmware | < 7.2.5.7 |
| Swisslog-Healthcare | Hmi-3 Control Panel | - |
Related Weaknesses (CWE)
References
- https://www.armis.com/PwnedPiperBroken Link
- https://www.swisslog-healthcare.comProduct
- https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customVendor Advisory
- https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve
- https://www.armis.com/PwnedPiperBroken Link
- https://www.swisslog-healthcare.comProduct
- https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customVendor Advisory
- https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve
FAQ
What is CVE-2021-37164?
CVE-2021-37164 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, th...
How severe is CVE-2021-37164?
CVE-2021-37164 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-37164?
Check the references section above for vendor advisories and patch information. Affected products include: Swisslog-Healthcare Hmi-3 Control Panel Firmware, Swisslog-Healthcare Hmi-3 Control Panel.