CVE-2022-41627

EPSS 0.01%
Published 27.10.2022 21:15:15
Last modified 21.11.2024 07:23:31
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting sounds at similar frequencies as the device, disrupting the smartphone microphone’s ability to accurately read the data. To carry out this attack, the attacker must be close (less than 5 feet) to pick up and emit sound waves.

Affected products Warnungen 0 Metrics 3 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Alivecor ≫ Kardiamobile Firmware Version-

Alivecor ≫ Kardiamobile Version-

Alivecor ≫ Kardiamobile 6l Firmware Version-

Alivecor ≫ Kardiamobile 6l Version-

Alivecor ≫ Kardiamobile Card Firmware Version-

Alivecor ≫ Kardiamobile Card Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.007

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.6	2.8	4.7	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
ics-cert@hq.dhs.gov	4.8	0.5	4.2	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://www.cisa.gov/uscert/ics/advisories/icsma-22-298-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2022-41627

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-41627

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-41627

EUVD