CVE-2017-12714
Last modified
CVE-2017-12714 is a vulnerability of currently unknown severity. Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS estimates a 0.66% chance of exploitation in the next 30 days.
Description
Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Abbott | Accent Firmware | < f0b.0e.7e |
| Abbott | Anthem Firmware | < f0b.0e.7e |
| Abbott | Accent Mri Firmware | < f10.08.6c |
| Abbott | Accent St Firmware | < f10.08.6c |
| Abbott | Assurity Firmware | < f14.07.80 |
| Abbott | Allure Firmware | < f14.07.80 |
| Abbott | Assurity Mri Firmware | < f17.01.49 |
References
- http://www.securityfocus.com/bid/100523Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/100523Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-12714?
How severe is CVE-2017-12714?
How do I fix CVE-2017-12714?
Are you affected by CVE-2017-12714?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST