CVE-2019-18252

BIOTRONIK CardioMessenger II, The affected products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure.
References
Link Resource
https://www.us-cert.gov/ics/advisories/icsma-20-170-05 Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsma-20-170-05 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:biotronik:cardiomessenger_ii-s_gsm_firmware:2.20:*:*:*:*:*:*:*
cpe:2.3:h:biotronik:cardiomessenger_ii-s_gsm:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:biotronik:cardiomessenger_ii-s_t-line_firmware:2.20:*:*:*:*:*:*:*
cpe:2.3:h:biotronik:cardiomessenger_ii-s_t-line:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:32

Type Values Removed Values Added
References () https://www.us-cert.gov/ics/advisories/icsma-20-170-05 - Third Party Advisory, US Government Resource () https://www.us-cert.gov/ics/advisories/icsma-20-170-05 - Third Party Advisory, US Government Resource

Information

Published : 2020-06-29 14:15

Updated : 2024-11-21 04:32


NVD link : CVE-2019-18252

Mitre link : CVE-2019-18252

CVE.ORG link : CVE-2019-18252


JSON object : View

Products Affected

biotronik

  • cardiomessenger_ii-s_gsm_firmware
  • cardiomessenger_ii-s_t-line
  • cardiomessenger_ii-s_gsm
  • cardiomessenger_ii-s_t-line_firmware
CWE
CWE-287

Improper Authentication