CVE-2020-15484

Published: Aug 26, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered on Nescomed Multipara Monitor M1000 devices. The internal storage of the underlying Linux system stores data in cleartext, without integrity protection against tampering.

Affected (1)

Products: Niscomed: M1000 Multipara Patient Monitor Firmware

Niscomed

1 product

M1000 Multipara Patient Monitor Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Niscomed M1000 Multipara Patient Monitor Firmware	All versions

Running on/with	Platform Versions
Niscomed M1000 Multipara Patient Monitor	All versions

Related CWEs

CWE-312

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (4)

https://payatu.com/advisory/lack-of-medical-data-encryption-in-niscomed-patient-monitor

Source: cve@mitre.org

Third Party Advisory

https://www.niscomed.com/multipara-monitor.html

Source: cve@mitre.org

Product

https://payatu.com/advisory/lack-of-medical-data-encryption-in-niscomed-patient-monitor

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.niscomed.com/multipara-monitor.html

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.