<p>You are about to enter the B. Braun Melsungen AG (global) website. If you are from United States, visit the U. S. Website</p>

United States - B. Braun Medical Inc.

Global - B. Braun Melsungen AG

<p>Not all products are registered and approved for sale in all countries or regions. Indications of use may also vary by country and region. Please contact your country representative for product availability and information. Product images are for reference only.</p>

You have successfully logged out.

Friday, November 4, 2022

11/2022 B. Braun Statement on Cybersecurity Vulnerability with OpenSSL 3.0.X

B. Braun ensures high security standards throughout the product life cycle by using globally accepted standard test and verification methods. We have established processes to monitor the latest vulnerabilities, threats, or risks and will proactively implement measures as required.

1 Summary

These vulnerabilities are memory corruption issues, in which attackers may be able to execute arbitrary code on a victim’s machine. CVE-2022-3602 was originally assessed as a CRITICAL severity vulnerability, but it was downgraded to HIGH because it was deemed difficult to exploit with remote code execution (RCE).

Analysis & Action

B. Braun’s first analysis determined that NONE of our connected devices and health IT software:

Infusion system Spaceplus
Infusion system compactplus
Infusion system Space
Clinical IT Solution OnlineSuite and OnlineSuite plus
Dialog+® Dialysis Machine
OMNI® Acute Blood Purification System
Dialog iQ® Dialysis Machine

are affected.

2 Recommandations

Not applicable.

3 References

CISA: OpenSSL Releases Security Update | CISA
OpenSSL Project: OpenSSL Advisory

4 Contact & further information

Please visit our website www.bbraun.com/productsecurity for further information.

You can also contact our global security team if you have any further questions, require detailed technical information, or any other support issue concerning Cybersecurity.

You can send an email to productsecurity@bbraun.com.