CVE-2019-18254

EPSS 0.03%
Veröffentlicht 29.06.2020 14:15:10
Zuletzt bearbeitet 21.11.2024 04:32:55
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Biotronik ≫ Cardiomessenger Ii-s Gsm Firmware Version2.20

Biotronik ≫ Cardiomessenger Ii-s Gsm Version-

Biotronik ≫ Cardiomessenger Ii-s T-line Firmware Version2.20

Biotronik ≫ Cardiomessenger Ii-s T-line Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.054

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	0.9	3.6	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

https://www.us-cert.gov/ics/advisories/icsma-20-170-05

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2019-18254

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18254

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18254

EUVD