ByteOS Network

NVD Vulnerability Details :

CVE-2021-37167

Modified

Source-cve@mitre.org

Published At-02 Aug, 2021 | 13:15

Updated At-07 Nov, 2023 | 03:36

An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using the default credentials can gain root access to the device, which provides permissions for all of the functionality of the device.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

swisslog-healthcare>>hmi-3_control_panel_firmware>>Versions before 7.2.5.7(exclusive)

cpe:2.3:o:swisslog-healthcare:hmi-3_control_panel_firmware:*:*:*:*:*:*:*:*

swisslog-healthcare>>hmi-3_control_panel>>-

cpe:2.3:h:swisslog-healthcare:hmi-3_control_panel:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-269	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://www.armis.com/PwnedPiper	cve@mitre.org	Broken Link
https://www.swisslog-healthcare.com	cve@mitre.org	Product
https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37167-bulletin---privilege-escalation.pdf?rev=20c909e5f00048838620b52471f266fc&hash=F43731C7A882EEBB5CE28DFBC75933D3	cve@mitre.org	Vendor Advisory
https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20	cve@mitre.org	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History