BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.
References
Link | Resource |
---|---|
https://www.us-cert.gov/ics/advisories/icsma-20-170-05 | Third Party Advisory US Government Resource |
https://www.us-cert.gov/ics/advisories/icsma-20-170-05 | Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
History
21 Nov 2024, 04:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.us-cert.gov/ics/advisories/icsma-20-170-05 - Third Party Advisory, US Government Resource |
29 Oct 2021, 19:14
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-312 |
Information
Published : 2020-06-29 14:15
Updated : 2024-11-21 04:32
NVD link : CVE-2019-18254
Mitre link : CVE-2019-18254
CVE.ORG link : CVE-2019-18254
JSON object : View
Products Affected
biotronik
- cardiomessenger_ii-s_gsm_firmware
- cardiomessenger_ii-s_t-line
- cardiomessenger_ii-s_gsm
- cardiomessenger_ii-s_t-line_firmware