CVE-2019-18254

BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.
References
Link Resource
https://www.us-cert.gov/ics/advisories/icsma-20-170-05 Third Party Advisory US Government Resource
https://www.us-cert.gov/ics/advisories/icsma-20-170-05 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:biotronik:cardiomessenger_ii-s_gsm_firmware:2.20:*:*:*:*:*:*:*
cpe:2.3:h:biotronik:cardiomessenger_ii-s_gsm:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:biotronik:cardiomessenger_ii-s_t-line_firmware:2.20:*:*:*:*:*:*:*
cpe:2.3:h:biotronik:cardiomessenger_ii-s_t-line:-:*:*:*:*:*:*:*

History

21 Nov 2024, 04:32

Type Values Removed Values Added
References () https://www.us-cert.gov/ics/advisories/icsma-20-170-05 - Third Party Advisory, US Government Resource () https://www.us-cert.gov/ics/advisories/icsma-20-170-05 - Third Party Advisory, US Government Resource

29 Oct 2021, 19:14

Type Values Removed Values Added
CWE CWE-311 CWE-312

Information

Published : 2020-06-29 14:15

Updated : 2024-11-21 04:32


NVD link : CVE-2019-18254

Mitre link : CVE-2019-18254

CVE.ORG link : CVE-2019-18254


JSON object : View

Products Affected

biotronik

  • cardiomessenger_ii-s_gsm_firmware
  • cardiomessenger_ii-s_t-line
  • cardiomessenger_ii-s_gsm
  • cardiomessenger_ii-s_t-line_firmware
CWE
CWE-311

Missing Encryption of Sensitive Data

CWE-312

Cleartext Storage of Sensitive Information