CVE-2019-18252

Published: Jun 29, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

BIOTRONIK CardioMessenger II, The affected products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure.

Affected (2)

Products: Biotronik: Cardiomessenger Ii S Gsm Firmware, Cardiomessenger Ii S T Line Firmware

2 products

Cardiomessenger Ii S Gsm Firmware

Cardiomessenger Ii S T Line Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Biotronik Cardiomessenger Ii S Gsm Firmware	Version 2.20

Running on/with	Platform Versions
Biotronik Cardiomessenger Ii S Gsm	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Biotronik Cardiomessenger Ii S T Line Firmware	Version 2.20

Running on/with	Platform Versions
Biotronik Cardiomessenger Ii S T Line	All versions

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.us-cert.gov/ics/advisories/icsma-20-170-05

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://www.us-cert.gov/ics/advisories/icsma-20-170-05

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.