4.3
CVE-2020-27282
- EPSS 0.07%
- Veröffentlicht 15.03.2021 22:15:13
- Zuletzt bearbeitet 21.11.2024 05:20:59
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginIn Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Hamilton-medical ≫ Hamilton-t1 Firmware Version <= 2.2.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.194 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 0.7 | 3.6 |
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:P
|
CWE-112 Missing XML Validation
The product accepts XML from an untrusted source but does not validate the XML against the proper schema.