CVE-2019-18254
Last modified
CVE-2019-18254 is a medium-severity vulnerability rated 4.6/10 on the CVSS scale. BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.. EPSS estimates a 0.23% chance of exploitation in the next 30 days.
Description
BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Biotronik | Cardiomessenger Ii-S Gsm Firmware | 2.20 |
| Biotronik | Cardiomessenger Ii-S T-Line Firmware | 2.20 |
References
- https://www.us-cert.gov/ics/advisories/icsma-20-170-05Third Party Advisory, US Government Resource
- https://www.us-cert.gov/ics/advisories/icsma-20-170-05Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-18254?
How severe is CVE-2019-18254?
How do I fix CVE-2019-18254?
Are you affected by CVE-2019-18254?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST