CVE-2019-25723

MEDIUM

4.0CVSS v3

—CVSS v2

0.04% EPSS (exploit probability)

CWE-1286CWE

Description

Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal processor with malformed data to trigger a warm restart, causing ventilation pressure to drop to ambient level and interrupting ventilation for several seconds before therapy resumes.

CVSS v3 vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

Affected routers (0)

No routers currently mapped to this CVE in our database.

External references

NIST NVD
MITRE CVE