8.8

CVE-2017-12712

The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

Data is provided by the National Vulnerability Database (NVD)
AbbottAccent Firmware Version < f0b.0e.7e
   AbbottAccent Version-
AbbottAnthem Firmware Version < f0b.0e.7e
   AbbottAnthem Version-
AbbottAccent Mri Firmware Version < f10.08.6c
   AbbottAccent Mri Version-
AbbottAccent St Firmware Version < f10.08.6c
   AbbottAccent St Version-
AbbottAssurity Firmware Version < f14.07.80
   AbbottAssurity Version-
AbbottAllure Firmware Version < f14.07.80
   AbbottAllure Version-
AbbottAssurity Mri Firmware Version < f17.01.49
   AbbottAssurity Mri Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.74% 0.705
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 8.3 6.5 10
AV:A/AC:L/Au:N/C:C/I:C/A:C
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.securityfocus.com/bid/100523
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01
Third Party Advisory
US Government Resource