fkie_cve-2017-12714
Vulnerability from fkie_nvd
Published
2018-04-25 13:29
Modified
2024-11-21 03:10
Severity ?
Summary
Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/100523 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100523 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| abbott | accent_firmware | * | |
| abbott | accent | - | |
| abbott | anthem_firmware | * | |
| abbott | anthem | - | |
| abbott | accent_mri_firmware | * | |
| abbott | accent_mri | - | |
| abbott | accent_st_firmware | * | |
| abbott | accent_st | - | |
| abbott | assurity_firmware | * | |
| abbott | assurity | - | |
| abbott | allure_firmware | * | |
| abbott | allure | - | |
| abbott | assurity_mri_firmware | * | |
| abbott | assurity_mri | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abbott:accent_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF25F4E-CF32-41A5-9AEC-5CF2A1D70732",
"versionEndExcluding": "f0b.0e.7e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abbott:accent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7261AA88-1BD6-4CDF-AFC0-31FD7F52B9E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abbott:anthem_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C940D7-5EA3-4D42-8FFE-0C38D2D0065E",
"versionEndExcluding": "f0b.0e.7e",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abbott:anthem:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B28402F-D4DF-448B-8ED3-676E0B438331",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abbott:accent_mri_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC7CD6D-57F8-4479-A25C-9B9937FD3793",
"versionEndExcluding": "f10.08.6c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abbott:accent_mri:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C752B8AA-8990-43DE-AB8B-57329E1E0AE1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abbott:accent_st_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCA1805-9253-4267-ACE9-B9F3BBB1549A",
"versionEndExcluding": "f10.08.6c",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abbott:accent_st:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794620AF-C8D5-4511-B4AF-5E8B4347F558",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abbott:assurity_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BF37E32-78D2-48CD-BF19-17533E3CB5DF",
"versionEndExcluding": "f14.07.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abbott:assurity:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83B2EBFC-FB8A-402E-8C5C-118D4362B143",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abbott:allure_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "858B3E80-0179-4AD7-BC32-3AA87A7341C6",
"versionEndExcluding": "f14.07.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abbott:allure:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65B30268-EC36-42C3-8028-D345DC22A3DC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:abbott:assurity_mri_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95E52CB5-DB4A-42FE-B963-CE891D3C1A95",
"versionEndExcluding": "f17.01.49",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:abbott:assurity_mri:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43025EB2-8644-4BC5-BC3D-D67305C504B7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted \"RF wake-up\" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."
},
{
"lang": "es",
"value": "Los marcapasos de Abbott Laboratories fabricados antes del 28 de agosto de 2017 no restringen o limitan el n\u00famero de comandos \"RF wake-up\" formateados correctamente que pueden recibir. Esto puede permitir que un atacante cercano env\u00ede comandos repetidamente para reducir la bater\u00eda del marcapasos. Puntuaci\u00f3n base de CVSS v3: 5.3, cadena de vector CVSS: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott ha desarrollado una actualizaci\u00f3n de firmware para ayudar a mitigar las vulnerabilidades identificadas."
}
],
"id": "CVE-2017-12714",
"lastModified": "2024-11-21T03:10:04.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-25T13:29:00.287",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100523"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-920"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-920"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…