Vulnerability Description
A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the HMI TCP socket, it is forwarded to the hmiProcessMsg function through the pendingQ, and may lead to remote code execution.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Swisslog-Healthcare | Hmi-3 Control Panel Firmware | < 7.2.5.7 |
| Swisslog-Healthcare | Hmi-3 Control Panel | - |
Related Weaknesses (CWE)
References
- https://www.armis.com/PwnedPiper (Third Party Advisory)
- https://www.swisslog-healthcare.com (Product)
- https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/custom (Broken Link)
- https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve
FAQ
What is CVE-2021-37165?
CVE-2021-37165 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. When a message is sent to the H...
How severe is CVE-2021-37165?
CVE-2021-37165 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-37165?
Check the references section above for vendor advisories and patch information. Affected products include: Swisslog-Healthcare Hmi-3 Control Panel Firmware, Swisslog-Healthcare Hmi-3 Control Panel.