CVE-2017-12716
Last modified
CVE-2017-12716 is a vulnerability of currently unknown severity. Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. EPSS estimates a 0.25% chance of exploitation in the next 30 days.
Description
Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Abbott | Accent Firmware | < f0b.0e.7e |
| Abbott | Anthem Firmware | < f0b.0e.7e |
| Abbott | Accent Mri Firmware | < f10.08.6c |
| Abbott | Accent St Firmware | < f10.08.6c |
References
- http://www.securityfocus.com/bid/100523Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/100523Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-12716?
How severe is CVE-2017-12716?
How do I fix CVE-2017-12716?
Are you affected by CVE-2017-12716?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST