ICS-CERT Raw Data
1
Advisory_IDURLICSMA/ICSACodeVendor
Timeline Relative to FDA Guidance
ProductCVSS ScoreMean CVSS for AdvisoryNVD Low/Medium/High/Critical
CVSS Version for Scoring
Vuln IDVulnerability DescriptionRoot CauseResearcher Explicitly Referenced
2
1
https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01
ICSMA18-156-01PhilipsPost - FDAIntelliVue and Avalon8.38.3High
Ver 3 Base Score
CWE-287The vulnerability allows an unauthenticated attacker to access memory (“write-what-where”) from an attacker-chosen device address within the same subnet.User Authentication
3
1
https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01
ICSMA18-156-01PhilipsPost - FDAIntelliVue and Avalon6.46.4Medium
Ver 3 Base Score
CWE-200The vulnerability allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet.User Authentication
4
1
https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01
ICSMA18-156-01PhilipsPost - FDAIntelliVue and Avalon8.28.2High
Ver 3 Base Score
CWE-121The vulnerability exposes an “echo” service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow.Code Defect
5
2https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01ICSMA18-179-01MedtronicPost - FDAMyCareLink6.46.4Medium
Ver 3 Base Score
CWE-259The affected product contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating systemOperating System
6
2https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01ICSMA18-179-01MedtronicPost - FDAMyCareLink6.26.2Medium
Ver 3 Base Score
CWE-749This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality.System Configuration
7
3
https://ics-cert.us-cert.gov/advisories/ICSMA-18-165-01
ICSMA18-165-01Natus Medical, Inc.Post - FDAXltek NeuroWorks software7.57.5High
Ver 3 Base Score
CWE-125A specially-crafted packet may be able to cause an out-of-bounds read, which may result in a denial-of-service condition.Code Defect
8
3
https://ics-cert.us-cert.gov/advisories/ICSMA-18-165-01
ICSMA18-165-01Natus Medical, Inc.Post - FDAXltek NeuroWorks software7.57.5High
Ver 3 Base Score
CWE-125A specially-crafted packet may cause an out-of-bounds read, which may result in a denial-of-service condition.Code Defect
9
3
https://ics-cert.us-cert.gov/advisories/ICSMA-18-165-01
ICSMA18-165-01Natus Medical, Inc.Post - FDAXltek NeuroWorks software99Critical
Ver 3 Base Score
CWE-121A specially-crafted packet received during the execution of certain commands can cause memory to be overwritten in a way that could allow an attacker to take control of the program.Code Defect
10
3
https://ics-cert.us-cert.gov/advisories/ICSMA-18-165-01
ICSMA18-165-01Natus Medical, Inc.Post - FDAXltek NeuroWorks software1010Critical
Ver 3 Base Score
CWE-121An error in the way the program parses data structures may allow an attacker to take control of the system by sending it a specially-crafted packet.Code Defect
11
3
https://ics-cert.us-cert.gov/advisories/ICSMA-18-165-01
ICSMA18-165-01Natus Medical, Inc.Post - FDAXltek NeuroWorks software1010Critical
Ver 3 Base Score
CWE-121An attacker may cause a buffer overflow by sending a specially-crafted packet to the affected product while the product attempts to open a file requested by the client.Code Defect
12
3
https://ics-cert.us-cert.gov/advisories/ICSMA-18-165-01
ICSMA18-165-01Natus Medical, Inc.Post - FDAXltek NeuroWorks software1010Critical
Ver 3 Base Score
CWE-121A specially-crafted packet takes advantage of the way the program parses data structures and may cause a buffer overflow, which may allow remote execution of arbitrary code.Code Defect
13
3
https://ics-cert.us-cert.gov/advisories/ICSMA-18-165-01
ICSMA18-165-01Natus Medical, Inc.Post - FDAXltek NeuroWorks software7.57.5High
Ver 3 Base Score
CWE-125A specially-crafted packet may cause an out-of-bounds read, which may result in a denial-of-service condition.Code Defect
14
3
https://ics-cert.us-cert.gov/advisories/ICSMA-18-165-01
ICSMA18-165-01Natus Medical, Inc.Post - FDAXltek NeuroWorks software7.57.5High
Ver 3 Base Score
CWE-125A specially-crafted packet may cause an out-of-bounds read, which may result in a denial-of-service condition.Code Defect
15
4
https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01
ICSMA18-144-01BeaconMedaesPost - FDAScroll Medical Air Systems7.57.5High
Ver 3 Base Score
CWE-256Passwords are presented in plaintext in a file that is accessible without authentication.Encryption
16
4
https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01
ICSMA18-144-01BeaconMedaesPost - FDAScroll Medical Air Systems5.35.3Medium
Ver 3 Base Score
CWE-284By accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating. User Authentication
17
4
https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01
ICSMA18-144-01BeaconMedaesPost - FDAScroll Medical Air Systems7.57.5High
Ver 3 Base Score
CWE-522An attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner.User Authentication
18
5
https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01
ICSMA18-142-01
Becton, Dickinson and Company (BD)
Post - FDA
BD Kiestra and InoqulA systems
5.65.6Medium
Ver 3 Base Score
CWE-356A vulnerability in DB Manager and PerformA allows an authorized user with access to a privileged account on a BD Kiestra system to issue SQL commands, which may result in data corruption.Code Defect
19
5
https://ics-cert.us-cert.gov/advisories/ICSMA-18-142-01
ICSMA18-142-01
Becton, Dickinson and Company (BD)
Post - FDA
BD Kiestra and InoqulA systems
6.36.3Medium
Ver 3 Base Score
CWE-356A vulnerability in ReadA allows an authorized user with access to a privileged account on a BD Kiestra system to issue SQL commands, which may result in loss or corruption of data.Code Defect
20
6
https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01
ICSMA18-137-01MedtronicPost - FDAN’Vision Clinician Programmer4.64.6Medium
Ver 3 Base Score
CWE-311The affected product does not encrypt the following sensitive information while at rest:
PII – Personally Identifiable Information. Some combination of personal data that enables the unique identification of an individual. PII is defined as “information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.”
PHI – Protected Health Information. Some combination of PII and associated health related data.
EncryptionYes
21
6
https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01
ICSMA18-137-01MedtronicPost - FDAN’Vision Clinician Programmer6.36.3Medium
Ver 3 Base Score
CWE-693The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer.Code DefectYes
22
7
https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01
ICSMA18-128-01
Silex Technology, GE Healthcare
Post - FDASX-500, SD-320AN, MobileLink6.56.5Medium
Ver 3 Base Score
CWE-287Authentication is not verified when making certain POST requests, which may allow attackers to modify system settings.User AuthenticationYes
23
7
https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01
ICSMA18-128-01
Silex Technology, GE Healthcare
Post - FDASX-500, SD-320AN, MobileLink7.47.4High
Ver 3 Base Score
CWE-78A system call parameter is not properly sanitized, which may allow remote code execution.Code DefectYes
24
8
https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01
ICSMA18-123-01PhilipsPost - FDABrilliance CT Scanners6.16.1Medium
Ver 3 Base Score
CWE-668Vulnerabilities within the Brilliance CT kiosk environment could enable a limited-access kiosk user or an unauthorized attacker to break-out from the containment of the kiosk environment, attain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system.Operating System
25
8
https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01
ICSMA18-123-01PhilipsPost - FDABrilliance CT Scanners8.48.4High
Ver 3 Base Score
CWE-798The software contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. An attacker could compromise these credentials and gain access to the system.User Authentication
26
8
https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01
ICSMA18-123-01PhilipsPost - FDABrilliance CT Scanners6.16.1Medium
Ver 3 Base Score
CWE-250Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. Windows boots by default with elevated Windows privileges, enabling a kiosk application, user, or an attacker to potentially attain unauthorized elevated privileges. Also, attackers may gain access to unauthorized resources from the underlying Windows operating system.Operating System
27
9
https://ics-cert.us-cert.gov/advisories/ICSMA-18-114-01
ICSMA18-114-01
Becton, Dickinson and Company (BD)
Post - FDABD Pyxis 6.86.8Medium
Ver 3 Base Score
CWE-323An industry-wide vulnerability exists in the WPA and WPA2 protocol affected by the Key Reinstallation Attacks known as KRACK. The four-way hand shake traffic in the Wi-Fi Protected Access WPA and WPA2 protocol can be manipulated to allow nonce reuse resulting in key reinstallation. This could allow an attacker to execute a “man-in-the-middle” attack, enabling the attacker within radio range to replay, decrypt, or spoof frames.Encryption
28
10
https://ics-cert.us-cert.gov/advisories/ICSMA-18-107-01
ICSMA18-107-01
Abbott Laboratories
Post - FDA
Implantable Cardioverter Defibrillator and Cardiac Synchronization Therapy Defibrillator
7.57.5High
Ver 3 Base Score
CWE-287The device’s authentication algorithm, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the ICD or CRT-D via RF communications.User Authentication
29
10
https://ics-cert.us-cert.gov/advisories/ICSMA-18-107-01
ICSMA18-107-01
Abbott Laboratories
Post - FDA
Implantable Cardioverter Defibrillator and Cardiac Synchronization Therapy Defibrillator
5.35.3Medium
Ver 3 Base Score
CWE-920The ICDs and CRT-Ds do not restrict or limit the number of correctly formatted “RF wake-up” commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce device battery life.Code Defect
30
11
https://ics-cert.us-cert.gov/advisories/ICSMA-18-107-02
ICSMA18-107-02
Biosense Webster Inc. (BWI) / Johnson & Johnson
Post - FDACARTO 3 SystemsTM1BWI reported controlled risks in the CARTO 3 System related to operating system vulnerabilities and outdated anti-virus signatures.Operating System
31
12
https://ics-cert.us-cert.gov/advisories/ICSMA-18-088-01
ICSMA18-088-01PhilipsPost - FDAiSite and IntelliSpace PACS2 - 106Medium
Ver 3 Base Score
CWE-928The software contains vulnerabilities within this category that include common weakness in improper neutralization of special elements used in an OS command or ‘OS command injection’ (CWE-78), failure to preserve web page structure or ‘cross-site scripting’ (CWE-79), improper authentication (CWE-287), improper certificate validation (CWE-295), clear text transmission of sensitive information (CWE-319), and insufficient session expiration (CWE-613). As a result, an attacker may be able to access unauthorized resources or execute unauthorized instructions or code.Operating System
32
12
https://ics-cert.us-cert.gov/advisories/ICSMA-18-088-01
ICSMA18-088-01PhilipsPost - FDAiSite and IntelliSpace PACS2.1 - 106.05Medium
Ver 3 Base Score
CWE-17The software contains vulnerabilities typically introduced from code development or from the integration of third-party components that might typically be controlled, mitigated, or remediated during design, development, or implementation of the software. Code Defect
33
12
https://ics-cert.us-cert.gov/advisories/ICSMA-18-088-01
ICSMA18-088-01PhilipsPost - FDAiSite and IntelliSpace PACS1.2 - 7.54.35Medium
Ver 3 Base Score
CWE-200An information exposure is the intentional or unintentional disclosure of information to an actor not explicitly authorized to have access to that information. As a result, an attacker may be able to read or enable unauthorized disclosure of sensitive information.User Authentication
34
12
https://ics-cert.us-cert.gov/advisories/ICSMA-18-088-01
ICSMA18-088-01PhilipsPost - FDAiSite and IntelliSpace PACS7.5 - 108.75High
Ver 3 Base Score
CWE-94The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. As a result, an attacker may be able to execute unauthorized instructions or code.Third Party Library (Misc)
35
12
https://ics-cert.us-cert.gov/advisories/ICSMA-18-088-01
ICSMA18-088-01PhilipsPost - FDAiSite and IntelliSpace PACS55Medium
Ver 3 Base Score
CWE-611The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.Third Party Library (Misc)
36
12
https://ics-cert.us-cert.gov/advisories/ICSMA-18-088-01
ICSMA18-088-01PhilipsPost - FDAiSite and IntelliSpace PACS5 - 107.5High
Ver 3 Base Score
CWE-119Certain languages allow direct addressing of memory locations and do not automatically ensure these locations are valid for the memory buffer being referenced. This can cause read or write operations to be performed on memory locations that may be associated with other variables, data structures, or internal program data. As a result, an attacker may be able to execute arbitrary code, alter the intended control flow, read sensitive information, or cause the system to crashCode Defect
37
13
https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01
ICSMA18-086-01PhilipsPost - FDAAlice 65.35.3Medium
Ver 3 Base Score
CWE-287When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or the ability to execute arbitrary code.User Authentication
38
13
https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01
ICSMA18-086-01PhilipsPost - FDAAlice 65.35.3Medium
Ver 3 Base Score
CWE-311The lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.Encryption
39
14
https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02
ICSMA18-037-02GEPost - FDAOptima 520, which are medical imaging systems, all versions,
Optima 540, which are medical imaging systems, all versions,
Optima 640, which are medical imaging systems, all versions,
Optima 680, which are medical imaging systems, all versions,
Discovery NM530c, which is a nuclear medical imaging system, versions prior to Version 1.003,
Discovery NM750b, which is a dedicated breast imaging system, versions prior to Version 2.003,
Discovery XR656 and Discovery XR656 Plus, which are digital radiographic imaging systems, all versions,
Revolution XQ/i, which is a medical imaging system, all versions,
THUNIS-800+, which is a stationary diagnostic radiographic and fluoroscopic X-ray system, all versions,
Centricity PACS Server, which is used to support a medical imaging archiving and communication system, all versions,
Centricity PACS RA1000, which is used for diagnostic image analysis, all versions,
Centricity PACS-IW, which is an integrated web-based system for medical imaging, all versions including Version 3.7.3.7 and Version 3.7.3.8,
Centricity DMS, which is a data management software, all versions,
Discovery VH / Millenium VG, which are nuclear medical imaging systems, all versions,
eNTEGRA 2.0/2.5 Processing and Review Workstation, which is a nuclear medicine workstation for displaying, archiving, and communicating medical imaging, all versions,
CADstream, which is a medical imaging software, all versions,
Optima MR360, which is a medical imaging system, all versions,
GEMNet License server (EchoServer), all versions,
Image Vault 3.x medical imaging software, all versions,
Infinia / Infinia with Hawkeye 4 / 1, which are medical imaging systems, all versions,
Millenium MG / Millenium NC / Millenium MyoSIGHT, which are nuclear medical imaging systems, all versions,
Precision MP/i, which is a medical imaging system, all versions, and
Xeleris 1.0 / 1.1 / 2.1 / 3.0 / 3.1, which are medical imaging workstations, all versions.
9.89.8Critical
Ver 3 Base Score
CWE-287The affected devices use default or hard-coded credentials.User AuthenticationYes
40
15
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01
ICSMA18-058-01MedtronicPost - FDA2090 CareLink Programmer4.94.9Medium
Ver 3 Base Score
CWE-257The affected product uses a per-product username and password that is stored in a recoverable format.User AuthenticationYes
41
15
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01
ICSMA18-058-01MedtronicPost - FDA2090 CareLink Programmer4.84.8Medium
Ver 3 Base Score
CWE-23The affected product’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system.User AuthenticationYes
42
15
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-01
ICSMA18-058-01MedtronicPost - FDA2090 CareLink Programmer7.17.1High
Ver 3 Base Score
CWE-923The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the programmer could influence these communications.User AuthenticationYes
43
16
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
ICSMA18-058-02PhilipsPost - FDAIntelliSpace Portal5.9-8.17High
Ver 3 Base Score
CWE-20The ISP has multiple input validation vulnerabilities that could allow a remote attacker to execute arbitrary code or cause the application to crash.User Authentication
44
16
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
ICSMA18-058-02PhilipsPost - FDAIntelliSpace Portal6.4-7.87.1High
Ver 3 Base Score
CWE-264The ISP has multiple permission, privilege and access control vulnerabilities that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.User Authentication
45
16
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
ICSMA18-058-02PhilipsPost - FDAIntelliSpace Portal7.87.8High
Ver 3 Base Score
CWE-428An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.Code Defect
46
16
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
ICSMA18-058-02PhilipsPost - FDAIntelliSpace Portal3.1-6.54.8Medium
Ver 3 Base Score
CWE-310The ISP has multiple cryptographic vulnerabilities that could allow an attacker to gain unauthorized access to resources and information.User Authentication
47
16
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
ICSMA18-058-02PhilipsPost - FDAIntelliSpace Portal5.95.9Medium
Ver 3 Base Score
CWE-200The ISP has multiple information exposure vulnerabilities that could allow an attacker to gain unauthorized access to sensitive informationMisc
48
16
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
ICSMA18-058-02PhilipsPost - FDAIntelliSpace Portal5.35.3Medium
Ver 3 Base Score
CWE-489The ISP has a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime.System Configuration
49
17
https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-01
ICSMA18-037-01VyairePost - FDACareFusion upgrade utility6.76.7Medium
Ver 3 Base Score
CWE-427A successful exploit of this vulnerability requires the local user to install a crafted DLL on the target machine. The application loads the DLL and gives the attacker access at the same privilege level as the application.Code DefectYes
50
18
https://ics-cert.us-cert.gov/advisories/ICSMA-18-025-01
ICSMA18-025-01PhilipsPost - FDAIntelliSpace Cardiovascular6.76.7Medium
Ver 3 Base Score
CWE-613The ISCV application has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists when using ISCV together with an Electronic Medical Record (EMR) system, where ISCV is in KIOSK mode for multiple users and using Windows authentication. This may allow an attacker to gain unauthorized access to patient health information and potentially modify this information.Code Defect
51
19
https://ics-cert.us-cert.gov/advisories/ICSMA-17-332-01
ICSMA17-332-01
Ethicon Endo-Surgery / Johnson & Johnson
Post - FDA
Ethicon Endo-Surgery Generator Gen11
4.84.8Medium
Ver 3 Base Score
CVE-2017-14018
The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability.User Authentication
52
20
https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01
ICSMA17-318-01PhilipsPost - FDA
IntelliSpace Cardiovascular and Xcelera
7.27.2High
Ver 3 Base Score
CWE-522Credentials are stored in cleartext in system files that may allow an attacker with elevated privileges to gain unauthorized access to data to include patient health information, system resources, and misuse of connected assets.User Authentication
53
21
https://ics-cert.us-cert.gov/advisories/ICSMA-17-255-01
ICSMA17-255-01PhilipsPost - FDAIntelliView MX40 6.56.5Medium
Ver 3 Base Score
CVE-2017-9657Under specific 802.11 network conditions, a partial re-association of the MX40 WLAN monitor to the central monitoring station is possible.Code Defect
54
21
https://ics-cert.us-cert.gov/advisories/ICSMA-17-255-01
ICSMA17-255-01PhilipsPost - FDAIntelliView MX40 6.56.5Medium
Ver 3 Base Score
CVE-2017-9658Certain 802.11 network management messages have been determined to invoke wireless access point blacklisting security defenses when not required, which can necessitate intervention by hospital staff to reset the device and reestablish a network connection to the Wi-Fi access point. During this state, the MX40 can either connect to an alternative access point within signal range for association to a central monitoring station, or it can remain in local monitoring mode until the device is reset by hospital staff.Code Defect
55
22
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-01
ICSMA17-250-01i-SENSPost - FDA
SmartLog Diabetes Management Software
7.37.3High
Ver 3 Base Score
CVE-2017-13993
An uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system. This vulnerability does not affect the connected blood glucose monitor and would not impact delivery of therapy to the patient.Code DefectYes
56
23
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
ICSMA17-250-02ASmiths MedicalPost - FDA
Medfusion 4000 Wireless Syringe
7.57.5High
Ver 3 Base Score
CVE-2017-12721
The pump does not validate host certificate, leaving the pump vulnerable to a man-in-the-middle (MITM) attack.User AuthenticationYes
57
23
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
ICSMA17-250-02ASmiths MedicalPost - FDA
Medfusion 4000 Wireless Syringe
3.73.7Low
Ver 3 Base Score
CVE-2017-12723
The pump stores some passwords in the configuration file, which are accessible if the pump is configured to allow external communications.User AuthenticationYes
58
23
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
ICSMA17-250-02ASmiths MedicalPost - FDA
Medfusion 4000 Wireless Syringe
9.89.8Critical
Ver 3 Base Score
CVE-2017-12725
The pump with default network configuration uses hard-coded credentials to automatically establish a wireless network connection. The pump will establish a wireless network connection even if the pump is Ethernet connected and active; however, if the wireless association is established and the Ethernet cable is attached, the pump does not attach the network stack to the wireless network. In this scenario, all network traffic is instead directed over the wired Ethernet connection.User AuthenticationYes
59
23
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
ICSMA17-250-02ASmiths MedicalPost - FDA
Medfusion 4000 Wireless Syringe
8.18.1High
Ver 3 Base Score
CVE-2017-12724
The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections.User AuthenticationYes
60
23
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
ICSMA17-250-02ASmiths MedicalPost - FDA
Medfusion 4000 Wireless Syringe
8.18.1High
Ver 3 Base Score
CVE-2017-12724
The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pump is configured to allow FTP connections.User AuthenticationYes
61
23
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
ICSMA17-250-02ASmiths MedicalPost - FDA
Medfusion 4000 Wireless Syringe
5.65.6Medium
Ver 3 Base Score
CVE-2017-12726
Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medical assesses that it is not possible to upload files via Telnet and the impact of this vulnerability is limited to the communications module.User AuthenticationYes
62
23
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
ICSMA17-250-02ASmiths MedicalPost - FDA
Medfusion 4000 Wireless Syringe
8.18.1High
Ver 3 Base Score
CVE-2017-12718
A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote code execution on the target device. The pump receives the potentially malicious input infrequently and under certain conditions, increasing the difficulty of exploitation.Third Party Library (Misc)Yes
63
23
https://ics-cert.us-cert.gov/advisories/ICSMA-17-250-02A
ICSMA17-250-02ASmiths MedicalPost - FDA
Medfusion 4000 Wireless Syringe
5.35.3Medium
Ver 3 Base Score
CVE-2017-12722
A third-party component used in the pump reads memory out of bounds, causing the communications module to crash. Smiths Medical assesses that the crash of the communications module would not impact the operation of the therapeutic module.Third Party Library (Misc)Yes
64
24
https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01
ICSMA17-241-01
Abbott Laboratories
Post - FDA
Accent/Anthem,
Accent MRI,
Assurity/Allure, and
Assurity MRI
7.57.5High
Ver 3 Base Score
CVE-2017-12712
The pacemaker’s authentication algorithm, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications.User Authentication
65
24
https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01
ICSMA17-241-01
Abbott Laboratories
Post - FDA
Accent/Anthem,
Accent MRI,
Assurity/Allure, and
Assurity MRI
3.13.1Low
Ver 3 Base Score
CVE-2017-12716
The Accent and Anthem pacemakers transmit unencrypted patient information via RF communications to programmers and home monitoring units. The Assurity and Allure pacemakers do not contain this vulnerability. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption; however, the Assurity and Allure pacemakers encrypt stored patient information.Encryption
66
24
https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01
ICSMA17-241-01
Abbott Laboratories
Post - FDA
Accent/Anthem,
Accent MRI,
Assurity/Allure, and
Assurity MRI
5.35.3Medium
Ver 3 Base Score
CVE-2017-12714
The pacemakers do not restrict or limit the number of correctly formatted “RF wake-up” commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life.Code Defect
67
25
https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01
ICSMA17-229-01PhilipsPost - FDADoseWise Portal9.19.1Critical
Ver 3 Base Score
CVE-2017-9656The backend database of the DWP application uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI.User Authentication
68
25
https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01
ICSMA17-229-01PhilipsPost - FDADoseWise Portal6.56.5Medium
Ver 3 Base Score
CVE-2017-9654The web-based application stores login credentials in clear text within backend system files.User Authentication
69
26
https://ics-cert.us-cert.gov/advisories/ICSMA-17-227-01
ICSMA17-227-01BMCPost - FDALuna CPAP Machine4.64.6Medium
Ver 3 Base Score
CVE-2017-12701
An improper input validation vulnerability has been identified, which may allow an authenticated attacker to crash the CPAP’s Wi-Fi module resulting in a denial-of-service condition.
Note that the vulnerability affects only the Wi-Fi module; the device can continue delivering therapy even after the Wi-Fi module has crashed.
Code Defect
70
27
https://ics-cert.us-cert.gov/advisories/ICSMA-17-215-01
ICSMA17-215-01SiemensPost - FDAPET/CT
SPECT/CT
9.89.8Critical
Ver 3 Base Score
CVE-2017-7269An unauthenticated remote attacker could execute arbitrary code with the permissions of the web server by sending a specially crafted HTTP request to the WebDAV service.User Authentication
71
27
https://ics-cert.us-cert.gov/advisories/ICSMA-17-215-01
ICSMA17-215-01SiemensPost - FDAPET/CT
SPECT/CT
9.89.8Critical
Ver 3 Base Score
CVE-2008-4250An unauthenticated remote attacker could execute arbitrary code via a specially crafted remote procedure call (RPC) request sent to the server service of affected Microsoft Windows systems.Operating System
| 72 | 28 | https://ics-cert.us-cert.gov/advisories/ICSMA-17-215-02 | ICSMA17-215-02 | Siemens | Post - FDA | PET/CT, SPECT/CT | 9.8 | 9.8 | Critical | Ver 3 Base Score | CVE-2015-1497 | An unauthenticated remote attacker could execute arbitrary code by sending specially crafted HTTP requests to the Microsoft web server (Port 80/TCP and Port 443/TCP) of affected devices. | Operating System | |
| 73 | 28 | https://ics-cert.us-cert.gov/advisories/ICSMA-17-215-02 | ICSMA17-215-02 | Siemens | Post - FDA | PET/CT, SPECT/CT | 9.8 | 9.8 | Critical | Ver 3 Base Score | CVE-2015-7860 | An unauthenticated remote attacker could execute arbitrary code by sending a specially crafted request to the HP Client automation service of affected devices. | User Authentication | |
| 74 | 28 | https://ics-cert.us-cert.gov/advisories/ICSMA-17-215-02 | ICSMA17-215-02 | Siemens | Post - FDA | PET/CT, SPECT/CT | 9.8 | 9.8 | Critical | Ver 3 Base Score | CVE-2015-1635 | An unauthenticated remote attacker could execute arbitrary code by sending specially crafted HTTP requests to the Microsoft web server (Port 80/TCP and Port 443/TCP) of affected devices. | User Authentication | |
| 75 | 28 | https://ics-cert.us-cert.gov/advisories/ICSMA-17-215-02 | ICSMA17-215-02 | Siemens | Post - FDA | PET/CT, SPECT/CT | 9.8 | 9.8 | Critical | Ver 3 Base Score | CVE-2015-7861 | An unauthenticated remote attacker could execute arbitrary code by sending a specially crafted request to the HP Client automation service of affected devices. | User Authentication | |
| 76 | 29 | https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02 | ICSMA17-082-02 | B. Braun | Post - FDA | SpaceCom | 5.4 | 5.4 | Medium | Ver 3 Base Score | CVE-2017-6018 | The web server of the affected product accepts untrusted input which could allow attackers to redirect the request to an unintended URL contained within untrusted input. | User Authentication | |
| 77 | 30 | https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-01 | ICSMA17-082-01 | Becton, Dickinson and Company (BD) | Post - FDA | Kiestra | 7.3 | 7.3 | High | Ver 3 Base Score | CVE-2017-6022 | BD’s PerformA and KLA Journal Service applications use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the confidentiality of limited PHI/PII information stored in the BD Kiestra Database. | User Authentication | |
| 78 | 31 | https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-01 | ICSMA17-017-01 | Becton, Dickinson and Company (BD) | Post - FDA | Alaris 8000 | 4.9 | 4.9 | Medium | Ver 3 Base Score | CVE-2016-8375 | An unauthorized user with physical access to an Alaris 8000 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8000 PC unit and accessing the device’s flash memory. | Misc | |
| 79 | 32 | https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02A | ICSMA17-017-02A | Becton, Dickinson and Company (BD) | Post - FDA | Alaris 8015 | 4.9 | 4.9 | Medium | Ver 3 Base Score | CVE-2016-8375 | An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8015 PC unit and accessing the device’s flash memory. | Misc | Yes |
| 80 | 32 | https://ics-cert.us-cert.gov/advisories/ICSMA-17-017-02A | ICSMA17-017-02A | Becton, Dickinson and Company (BD) | Post - FDA | Alaris 8015 | 6.8 | 6.8 | Medium | Ver 3 Base Score | CVE-2016-9355 | An unauthorized user with physical access to an Alaris 8015 PC unit may be able to disassemble the device to access the removable flash memory, allowing read and write access to device memory. | Misc | Yes |
| 81 | 33 | https://ics-cert.us-cert.gov/advisories/ICSMA-17-009-01A | ICSMA17-009-01A | St. Jude | Post - FDA | Merlin@home | 8.9 | 8.9 | High | Ver 3 Base Score | CVE-2017-5149 | The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical’s web site, Merlin.net, are not verified. This may allow a remote attacker to access or influence communications between the identified endpoints. | User Authentication | |
| 82 | 34 | https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01 | ICSMA16-306-01 | Smiths Medical | Pre - FDA | CADD-Solis | 8.5 | 8.5 | High | Ver 3 Base Score | CVE-2016-8358 | The affected software does not verify the identities at communication endpoints, which may allow a remote attacker to gain access to the communication channel between endpoints. | User Authentication | |
| 83 | 34 | https://ics-cert.us-cert.gov/advisories/ICSMA-16-306-01 | ICSMA16-306-01 | Smiths Medical | Pre - FDA | CADD-Solis | 9.9 | 9.9 | Critical | Ver 3 Base Score | CVE-2016-8355 | CADD-Solis Medication Safety Software grants an authenticated user elevated privileges on the SQL database, which would allow an authenticated user to modify drug libraries, add and delete users, and change user permissions. According to Smiths-Medical, physical access to the pump is required to install drug library updates. | User Authentication | |
| 84 | 35 | https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01 | ICSMA16-279-01 | Animas | Pre - FDA | OneTouch Ping | 6.5 | 6.5 | Medium | Ver 3 Base Score | CVE-2016-5084 | All communications between the meter remote unit and the pump are transmitted in cleartext. | Encryption | |
| 85 | 35 | https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01 | ICSMA16-279-01 | Animas | Pre - FDA | OneTouch Ping | 4.2 | 4.2 | Medium | Ver 3 Base Score | CVE-2016-5085 | The setup of the Animas OneTouch Ping insulin pump system involves a pairing process during which a checksum is generated, which is then used as an encryption key during communications. This value does not change between authentication handshakes between the meter remote unit and the pump. | Encryption | |
| 86 | 35 | https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01 | ICSMA16-279-01 | Animas | Pre - FDA | OneTouch Ping | 6.4 | 6.4 | Medium | Ver 3 Base Score | CVE-2016-5086 | An attacker can capture remote transmissions between the meter remote unit and the pump and replay them to initiate unauthorized commands, to include administering insulin. | User Authentication | |
87
36
https://ics-cert.us-cert.gov/advisories/ICSMA-16-196-01
ICSMA16-196-01PhilipsPre - FDAXper-IM4-107TM1The Philips Xper-IM Connect system running on Windows XP, Version 1.3.0.065, was tested and determined to have 460 vulnerabilities. Philips has confirmed that 272 of these vulnerabilities are present in five software packages in the Xper-IM Connect system software, and 188 vulnerabilities are associated with the no longer supported Windows XP operating system. All the 460 vulnerabilities with assigned CWEs numbers can be categorized as one of the following five types of vulnerabilities: 1) Code Injection,a 2) Resource Management Errors,b 3) Information Exposure,c 4) Numeric Errors,d and 5) Improper Restriction of Operations within the Bounds of a Memory Buffer.eOperating SystemYes
88
37
https://ics-cert.us-cert.gov/advisories/ICSMA-16-089-01
ICSMA16-089-01CareFusionPre - FDAPyxis SupplyStation0-106.74848378TM1
715 vulnerabilities were identified as having a CVSS base score of 7.0-10.0,
606 vulnerabilities were identified as having a CVSS base score of 4.0-6.9, and
97 vulnerabilities were identified as having a CVSS base score of 0-3.9.
Version 8.1.3 of the Pyxis SupplyStation system, last updated around April 2010, was tested and determined to contain 1,418 vulnerabilities that are present in 7 different third-party vendor software packages, spread across 86 different files.Third Party Library (Misc)Yes
| 89 | 38 | https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01 | ICSMA17-292-01 | Boston Scientific | Post - FDA | ZOOM LATITUDE PRM | 4.6 | 4.6 | Medium | Ver 3 Base Score | CVE-2017-14014 | The affected device uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. | Encryption | |
| 90 | 38 | https://ics-cert.us-cert.gov/advisories/ICSMA-17-292-01 | ICSMA17-292-01 | Boston Scientific | Post - FDA | ZOOM LATITUDE PRM | 4.6 | 4.6 | Medium | Ver 3 Base Score | CVE-2017-14012 | The affected device does not encrypt PHI at rest. | Encryption | |
| 91 | 39 | https://ics-cert.us-cert.gov/advisories/ICSA-18-030-02 | ICSA18-030-02 | Siemens | Post - FDA | TeleControl Server Basic | 5.3 | 5.3 | Medium | Ver 3 Base Score | CWE-288 | An attacker with network access to Port 8000/TCP could bypass the authentication mechanism gaining access to limited information. | User Authentication | |
| 92 | 39 | https://ics-cert.us-cert.gov/advisories/ICSA-18-030-02 | ICSA18-030-02 | Siemens | Post - FDA | TeleControl Server Basic | 8.8 | 8.8 | High | Ver 3 Base Score | CWE-264 | An authenticated attacker with network access to Port 8000/TCP could escalate privileges and perform administrative operations. | User Authentication | |
| 93 | 39 | https://ics-cert.us-cert.gov/advisories/ICSA-18-030-02 | ICSA18-030-02 | Siemens | Post - FDA | TeleControl Server Basic | 5.3 | 5.3 | Medium | Ver 3 Base Score | CWE-400 | An attacker with access to the TeleControl Server Basic’s webserver (Ports 80/TCP or 443/TCP) could cause a Denial-of-Service condition on the web server. The remaining functionality of the TeleControl Server Basic is not affected by the Denial-of-Service condition. | System Configuration | |
| 94 | 40 | https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01 | ICSA15-181-01 | Baxter | Pre - FDA | SIGMA Spectrum Infusion System | 4.6 | 4.6 | Medium | Ver 2 Base Score | CVE-2014-5431 | Baxter’s SIGMA Spectrum infusion pumps contain a hard-coded password, which provides access to basic biomedical information, limited device settings, and network configuration of the WBM, if connected. The hard-coded password may allow an attacker with physical access to the device to access management functions to make unauthorized configuration changes to biomedical settings such as turn on and off wireless connections and the phase-complete audible alarm that indicates the end of an infusion phase. | User Authentication | |
| 95 | 40 | https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01 | ICSA15-181-01 | Baxter | Pre - FDA | SIGMA Spectrum Infusion System | 7.5 | 7.5 | High | Ver 2 Base Score | CVE-2014-5432 | The WBM is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue commands to access account credentials and shared keys. Baxter asserts that this vulnerability only allows access to features and functionality on the WBM and that the SIGMA Spectrum infusion pump cannot be controlled from the WBM. | Code Defect | |
| 96 | 40 | https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01 | ICSA15-181-01 | Baxter | Pre - FDA | SIGMA Spectrum Infusion System | 9 | 9 | High | Ver 2 Base Score | CVE-2014-5433 | An unauthenticated remote attacker may be able to execute commands to view wireless account credentials that are stored in cleartext on the WBM, which may allow an attacker to gain access to the host network. | Encryption | |
| 97 | 40 | https://ics-cert.us-cert.gov/advisories/ICSA-15-181-01 | ICSA15-181-01 | Baxter | Pre - FDA | SIGMA Spectrum Infusion System | 5 | 5 | Medium | Ver 2 Base Score | CVE-2014-5434 | The WBM has a default account with hard-coded credentials used with the FTP protocol. Baxter asserts no files can be transferred to or from the WBM using this account. | User Authentication | |
| 98 | 41 | https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03 | ICSA15-090-03 | Hospira | Pre - FDA | MedNet | 6.8 | 6.8 | Medium | Ver 2 Base Score | CVE-2014-5403 | The MedNet software uses hard-coded cryptographic keys that could enable an attacker to intercept encrypted traffic from infusion pumps. | Encryption | Yes |
| 99 | 41 | https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03 | ICSA15-090-03 | Hospira | Pre - FDA | MedNet | 9 | 9 | High | Ver 2 Base Score | CVE-2014-5405 | The MedNet software contains plaintext storage of passwords for the SQL database that may allow an attacker to compromise the MedNet SQL server and gain administrative access to the workstation. | User Authentication | Yes |
| 100 | 41 | https://ics-cert.us-cert.gov/advisories/ICSA-15-090-03 | ICSA15-090-03 | Hospira | Pre - FDA | MedNet | 6.8 | 6.8 | Medium | Ver 2 Base Score | CVE-2014-5400 | The MedNet software stores clear text usernames and passwords on the local file system that were used during the installation process that may allow a malicious user to compromise the MedNet installation. | User Authentication | Yes |