Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by abbott
VAR-201804-0519
Vulnerability from variot - Updated: 2023-12-18 13:28The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities. Abbott Laboratories pacemakers Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Accent, Anthem, Accent MRI, Assurity, Allure, and Assurity MRI are all implantable medical devices from Abbott Laboratories. Authorized order. Multiple Abbott Pacemakers are prone to the following multiple security vulnerabilities: 1. An authentication-bypass vulnerability 2. An information-disclosure vulnerability 3. A Denial-of-Service vulnerability Successful exploits may allow an attacker to gain unauthorized access or bypass intended security restrictions, obtain sensitive information or cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0519",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "anthem",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f0b.0e.7e"
},
{
"model": "assurity",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f14.07.80"
},
{
"model": "assurity mri",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f17.01.49"
},
{
"model": "allure",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f14.07.80"
},
{
"model": "accent mri",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f10.08.6c"
},
{
"model": "accent st",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f10.08.6c"
},
{
"model": "accent",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f0b.0e.7e"
},
{
"model": "accent",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "accent mri",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "accent st",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "allure",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "anthem",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "assurity",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "assurity mri",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "laboratories accent \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "abbott",
"version": "282017"
},
{
"model": "laboratories anthem \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "abbott",
"version": "282017"
},
{
"model": "laboratories accent mri \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "abbott",
"version": "282017"
},
{
"model": "laboratories assurity \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "abbott",
"version": "282017"
},
{
"model": "laboratories allure \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "abbott",
"version": "282017"
},
{
"model": "laboratories assurity mri \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "abbott",
"version": "282017"
},
{
"model": "assurity mri",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "assurity",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "anthem",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "allure",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "accent st",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "accent mri",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "accent",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "assurity mri f17.01.49",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "assurity f14.07.80",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "anthem f0b.0e.7e",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "allure f14.07.80",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "accent st f10.08.6c",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "accent mri f10.08.6c",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "accent f0b.0e.7e",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "accent",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "anthem",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "accent mri",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "accent st",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "assurity",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "allure",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "assurity mri",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "767a6a23-3eaa-43ab-8a2a-70ff0f71bc14"
},
{
"db": "CNVD",
"id": "CNVD-2017-23901"
},
{
"db": "BID",
"id": "100523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013348"
},
{
"db": "NVD",
"id": "CVE-2017-12712"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:accent_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f0b.0e.7e",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:accent:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:anthem_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f0b.0e.7e",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:anthem:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:accent_mri_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f10.08.6c",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:accent_mri:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:accent_st_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f10.08.6c",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:accent_st:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:assurity_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f14.07.80",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:assurity:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:allure_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f14.07.80",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:allure:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:assurity_mri_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f17.01.49",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:assurity_mri:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12712"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MedSec Holdings Ltd",
"sources": [
{
"db": "BID",
"id": "100523"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-084"
}
],
"trust": 0.9
},
"cve": "CVE-2017-12712",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-12712",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2017-23901",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "767a6a23-3eaa-43ab-8a2a-70ff0f71bc14",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12712",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12712",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-23901",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-084",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "767a6a23-3eaa-43ab-8a2a-70ff0f71bc14",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "767a6a23-3eaa-43ab-8a2a-70ff0f71bc14"
},
{
"db": "CNVD",
"id": "CNVD-2017-23901"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013348"
},
{
"db": "NVD",
"id": "CVE-2017-12712"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-084"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities. Abbott Laboratories pacemakers Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Accent, Anthem, Accent MRI, Assurity, Allure, and Assurity MRI are all implantable medical devices from Abbott Laboratories. Authorized order. Multiple Abbott Pacemakers are prone to the following multiple security vulnerabilities:\n1. An authentication-bypass vulnerability\n2. An information-disclosure vulnerability\n3. A Denial-of-Service vulnerability\nSuccessful exploits may allow an attacker to gain unauthorized access or bypass intended security restrictions, obtain sensitive information or cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12712"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013348"
},
{
"db": "CNVD",
"id": "CNVD-2017-23901"
},
{
"db": "BID",
"id": "100523"
},
{
"db": "IVD",
"id": "767a6a23-3eaa-43ab-8a2a-70ff0f71bc14"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12712",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-17-241-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100523",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-23901",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-084",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSMA-18-107-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013348",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2017.2157",
"trust": 0.3
},
{
"db": "IVD",
"id": "767A6A23-3EAA-43AB-8A2A-70FF0F71BC14",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "767a6a23-3eaa-43ab-8a2a-70ff0f71bc14"
},
{
"db": "CNVD",
"id": "CNVD-2017-23901"
},
{
"db": "BID",
"id": "100523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013348"
},
{
"db": "NVD",
"id": "CVE-2017-12712"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-084"
}
]
},
"id": "VAR-201804-0519",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "767a6a23-3eaa-43ab-8a2a-70ff0f71bc14"
},
{
"db": "CNVD",
"id": "CNVD-2017-23901"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "767a6a23-3eaa-43ab-8a2a-70ff0f71bc14"
},
{
"db": "CNVD",
"id": "CNVD-2017-23901"
}
]
},
"last_update_date": "2023-12-18T13:28:57.843000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.abbott.com/"
},
{
"title": "Abbott Laboratories\u0027 various pacemaker products are not authorized to access vulnerable patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/101204"
},
{
"title": "Multiple Abbott Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74539"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23901"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013348"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-084"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013348"
},
{
"db": "NVD",
"id": "CVE-2017-12712"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-17-241-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100523"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12712"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-107-01"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12712"
},
{
"trust": 0.3,
"url": "http://www.abbott.com/"
},
{
"trust": 0.3,
"url": "http://abbott.mediaroom.com/2017-08-29-abbott-issues-new-updates-for-implanted-cardiac-devices"
},
{
"trust": 0.3,
"url": "https://www.auscert.org.au/bulletins/51662"
},
{
"trust": 0.3,
"url": "https://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm573669.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23901"
},
{
"db": "BID",
"id": "100523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013348"
},
{
"db": "NVD",
"id": "CVE-2017-12712"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-084"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "767a6a23-3eaa-43ab-8a2a-70ff0f71bc14"
},
{
"db": "CNVD",
"id": "CNVD-2017-23901"
},
{
"db": "BID",
"id": "100523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013348"
},
{
"db": "NVD",
"id": "CVE-2017-12712"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-084"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-30T00:00:00",
"db": "IVD",
"id": "767a6a23-3eaa-43ab-8a2a-70ff0f71bc14"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23901"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100523"
},
{
"date": "2018-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013348"
},
{
"date": "2018-04-25T13:29:00.227000",
"db": "NVD",
"id": "CVE-2017-12712"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-084"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23901"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100523"
},
{
"date": "2018-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013348"
},
{
"date": "2019-10-09T23:23:11.170000",
"db": "NVD",
"id": "CVE-2017-12712"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-084"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-084"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abbott Laboratories pacemakers Cryptographic vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013348"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-084"
}
],
"trust": 0.6
}
}
VAR-201804-0521
Vulnerability from variot - Updated: 2023-12-18 13:28Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities. Abbott Laboratories pacemakers Contains an information disclosure vulnerability.Information may be obtained. Accent, Anthem, Accent MRI, Assurity, Allure, and Assurity MRI are all implantable medical devices from Abbott Laboratories. Multiple Abbott Pacemakers are prone to the following multiple security vulnerabilities: 1. An authentication-bypass vulnerability 2. An information-disclosure vulnerability 3. A Denial-of-Service vulnerability Successful exploits may allow an attacker to gain unauthorized access or bypass intended security restrictions, obtain sensitive information or cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0521",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "accent mri",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f10.08.6c"
},
{
"model": "accent st",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f10.08.6c"
},
{
"model": "accent",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f0b.0e.7e"
},
{
"model": "anthem",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f0b.0e.7e"
},
{
"model": "accent",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "accent mri",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "accent st",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "anthem",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "laboratories accent \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "abbott",
"version": "282017"
},
{
"model": "laboratories anthem \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "abbott",
"version": "282017"
},
{
"model": "laboratories accent mri \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "abbott",
"version": "282017"
},
{
"model": "laboratories assurity mri \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "abbott",
"version": "282017"
},
{
"model": "assurity mri",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "assurity",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "anthem",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "allure",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "accent st",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "accent mri",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "accent",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "assurity mri f17.01.49",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "assurity f14.07.80",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "anthem f0b.0e.7e",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "allure f14.07.80",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "accent st f10.08.6c",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "accent mri f10.08.6c",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "accent f0b.0e.7e",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "accent",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "anthem",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "accent mri",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "accent st",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5"
},
{
"db": "CNVD",
"id": "CNVD-2017-23899"
},
{
"db": "BID",
"id": "100523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013350"
},
{
"db": "NVD",
"id": "CVE-2017-12716"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:accent_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f0b.0e.7e",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:accent:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:anthem_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f0b.0e.7e",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:anthem:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:accent_mri_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f10.08.6c",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:accent_mri:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:accent_st_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f10.08.6c",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:accent_st:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12716"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MedSec Holdings Ltd",
"sources": [
{
"db": "BID",
"id": "100523"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-086"
}
],
"trust": 0.9
},
"cve": "CVE-2017-12716",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12716",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 1.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.2,
"id": "CNVD-2017-23899",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 1.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.2,
"id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12716",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12716",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-23899",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-086",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5"
},
{
"db": "CNVD",
"id": "CNVD-2017-23899"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013350"
},
{
"db": "NVD",
"id": "CVE-2017-12716"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-086"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities. Abbott Laboratories pacemakers Contains an information disclosure vulnerability.Information may be obtained. Accent, Anthem, Accent MRI, Assurity, Allure, and Assurity MRI are all implantable medical devices from Abbott Laboratories. Multiple Abbott Pacemakers are prone to the following multiple security vulnerabilities:\n1. An authentication-bypass vulnerability\n2. An information-disclosure vulnerability\n3. A Denial-of-Service vulnerability\nSuccessful exploits may allow an attacker to gain unauthorized access or bypass intended security restrictions, obtain sensitive information or cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12716"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013350"
},
{
"db": "CNVD",
"id": "CNVD-2017-23899"
},
{
"db": "BID",
"id": "100523"
},
{
"db": "IVD",
"id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12716",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-17-241-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100523",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-23899",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-086",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013350",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2017.2157",
"trust": 0.3
},
{
"db": "IVD",
"id": "1F40774E-70DB-4D0B-92B4-A4C00C1E8CE5",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5"
},
{
"db": "CNVD",
"id": "CNVD-2017-23899"
},
{
"db": "BID",
"id": "100523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013350"
},
{
"db": "NVD",
"id": "CVE-2017-12716"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-086"
}
]
},
"id": "VAR-201804-0521",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5"
},
{
"db": "CNVD",
"id": "CNVD-2017-23899"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5"
},
{
"db": "CNVD",
"id": "CNVD-2017-23899"
}
]
},
"last_update_date": "2023-12-18T13:28:57.809000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.abbott.com/"
},
{
"title": "Abbott Laboratories Patches for Errors in Encrypting Sensitive Data Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/101202"
},
{
"title": "Multiple Abbott Product information disclosure vulnerability repair measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74541"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23899"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013350"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-086"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013350"
},
{
"db": "NVD",
"id": "CVE-2017-12716"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-17-241-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100523"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12716"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12716"
},
{
"trust": 0.3,
"url": "http://www.abbott.com/"
},
{
"trust": 0.3,
"url": "http://abbott.mediaroom.com/2017-08-29-abbott-issues-new-updates-for-implanted-cardiac-devices"
},
{
"trust": 0.3,
"url": "https://www.auscert.org.au/bulletins/51662"
},
{
"trust": 0.3,
"url": "https://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm573669.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23899"
},
{
"db": "BID",
"id": "100523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013350"
},
{
"db": "NVD",
"id": "CVE-2017-12716"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-086"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5"
},
{
"db": "CNVD",
"id": "CNVD-2017-23899"
},
{
"db": "BID",
"id": "100523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013350"
},
{
"db": "NVD",
"id": "CVE-2017-12716"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-086"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-30T00:00:00",
"db": "IVD",
"id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23899"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100523"
},
{
"date": "2018-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013350"
},
{
"date": "2018-04-25T13:29:00.333000",
"db": "NVD",
"id": "CVE-2017-12716"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-086"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23899"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100523"
},
{
"date": "2018-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013350"
},
{
"date": "2019-10-09T23:23:11.687000",
"db": "NVD",
"id": "CVE-2017-12716"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-086"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-086"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abbott Laboratories pacemakers Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013350"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-086"
}
],
"trust": 0.6
}
}
VAR-201804-0520
Vulnerability from variot - Updated: 2023-12-18 13:28Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities. Abbott Laboratories pacemakers Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Accent, Anthem, Accent MRI, Assurity, Allure, and Assurity MRI are all implantable medical devices from Abbott Laboratories. Battery life. Multiple Abbott Pacemakers are prone to the following multiple security vulnerabilities: 1. An authentication-bypass vulnerability 2. An information-disclosure vulnerability 3. A Denial-of-Service vulnerability Successful exploits may allow an attacker to gain unauthorized access or bypass intended security restrictions, obtain sensitive information or cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0520",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "anthem",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f0b.0e.7e"
},
{
"model": "assurity",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f14.07.80"
},
{
"model": "assurity mri",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f17.01.49"
},
{
"model": "allure",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f14.07.80"
},
{
"model": "accent mri",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f10.08.6c"
},
{
"model": "accent st",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f10.08.6c"
},
{
"model": "accent",
"scope": "lt",
"trust": 1.0,
"vendor": "abbott",
"version": "f0b.0e.7e"
},
{
"model": "accent",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "accent mri",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "accent st",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "allure",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "anthem",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "assurity",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "assurity mri",
"scope": null,
"trust": 0.8,
"vendor": "abbott",
"version": null
},
{
"model": "laboratories accent \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "abbott",
"version": "282017"
},
{
"model": "laboratories anthem \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "abbott",
"version": "282017"
},
{
"model": "laboratories accent mri \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "abbott",
"version": "282017"
},
{
"model": "laboratories assurity \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "abbott",
"version": "282017"
},
{
"model": "laboratories allure \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "abbott",
"version": "282017"
},
{
"model": "laboratories assurity mri \u003caugust",
"scope": "eq",
"trust": 0.6,
"vendor": "abbott",
"version": "282017"
},
{
"model": "assurity mri",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "assurity",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "anthem",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "allure",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "accent st",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "accent mri",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "accent",
"scope": "eq",
"trust": 0.3,
"vendor": "abbott",
"version": "0"
},
{
"model": "assurity mri f17.01.49",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "assurity f14.07.80",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "anthem f0b.0e.7e",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "allure f14.07.80",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "accent st f10.08.6c",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "accent mri f10.08.6c",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": "accent f0b.0e.7e",
"scope": "ne",
"trust": 0.3,
"vendor": "abbott",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "accent",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "anthem",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "accent mri",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "accent st",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "assurity",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "allure",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "assurity mri",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6"
},
{
"db": "CNVD",
"id": "CNVD-2017-23900"
},
{
"db": "BID",
"id": "100523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013349"
},
{
"db": "NVD",
"id": "CVE-2017-12714"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:accent_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f0b.0e.7e",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:accent:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:anthem_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f0b.0e.7e",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:anthem:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:accent_mri_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f10.08.6c",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:accent_mri:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:accent_st_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f10.08.6c",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:accent_st:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:assurity_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f14.07.80",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:assurity:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:allure_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f14.07.80",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:allure:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:assurity_mri_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "f17.01.49",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:assurity_mri:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12714"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MedSec Holdings Ltd",
"sources": [
{
"db": "BID",
"id": "100523"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-085"
}
],
"trust": 0.9
},
"cve": "CVE-2017-12714",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-12714",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.2,
"id": "CNVD-2017-23900",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.2,
"id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-12714",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12714",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-23900",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-085",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6"
},
{
"db": "CNVD",
"id": "CNVD-2017-23900"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013349"
},
{
"db": "NVD",
"id": "CVE-2017-12714"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-085"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted \"RF wake-up\" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities. Abbott Laboratories pacemakers Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Accent, Anthem, Accent MRI, Assurity, Allure, and Assurity MRI are all implantable medical devices from Abbott Laboratories. Battery life. Multiple Abbott Pacemakers are prone to the following multiple security vulnerabilities:\n1. An authentication-bypass vulnerability\n2. An information-disclosure vulnerability\n3. A Denial-of-Service vulnerability\nSuccessful exploits may allow an attacker to gain unauthorized access or bypass intended security restrictions, obtain sensitive information or cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013349"
},
{
"db": "CNVD",
"id": "CNVD-2017-23900"
},
{
"db": "BID",
"id": "100523"
},
{
"db": "IVD",
"id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12714",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-17-241-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100523",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-23900",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-085",
"trust": 0.8
},
{
"db": "ICS CERT",
"id": "ICSMA-18-107-01",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013349",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2017.2157",
"trust": 0.3
},
{
"db": "IVD",
"id": "CB95B3A8-887C-44B0-B1F4-C00D35D478D6",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6"
},
{
"db": "CNVD",
"id": "CNVD-2017-23900"
},
{
"db": "BID",
"id": "100523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013349"
},
{
"db": "NVD",
"id": "CVE-2017-12714"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-085"
}
]
},
"id": "VAR-201804-0520",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6"
},
{
"db": "CNVD",
"id": "CNVD-2017-23900"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6"
},
{
"db": "CNVD",
"id": "CNVD-2017-23900"
}
]
},
"last_update_date": "2023-12-18T13:28:57.774000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.abbott.com/"
},
{
"title": "Abbott Laboratories Patches for Multiple Pacemaker Product Access Limiting Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/101203"
},
{
"title": "Multiple Abbott Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74540"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23900"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013349"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-085"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-920",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013349"
},
{
"db": "NVD",
"id": "CVE-2017-12714"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-17-241-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100523"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12714"
},
{
"trust": 0.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-107-01"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12714"
},
{
"trust": 0.3,
"url": "http://www.abbott.com/"
},
{
"trust": 0.3,
"url": "http://abbott.mediaroom.com/2017-08-29-abbott-issues-new-updates-for-implanted-cardiac-devices"
},
{
"trust": 0.3,
"url": "https://www.auscert.org.au/bulletins/51662"
},
{
"trust": 0.3,
"url": "https://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm573669.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23900"
},
{
"db": "BID",
"id": "100523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013349"
},
{
"db": "NVD",
"id": "CVE-2017-12714"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-085"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6"
},
{
"db": "CNVD",
"id": "CNVD-2017-23900"
},
{
"db": "BID",
"id": "100523"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013349"
},
{
"db": "NVD",
"id": "CVE-2017-12714"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-085"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-30T00:00:00",
"db": "IVD",
"id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6"
},
{
"date": "2017-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23900"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100523"
},
{
"date": "2018-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013349"
},
{
"date": "2018-04-25T13:29:00.287000",
"db": "NVD",
"id": "CVE-2017-12714"
},
{
"date": "2017-08-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-085"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23900"
},
{
"date": "2017-08-29T00:00:00",
"db": "BID",
"id": "100523"
},
{
"date": "2018-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013349"
},
{
"date": "2019-10-09T23:23:11.483000",
"db": "NVD",
"id": "CVE-2017-12714"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-085"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-085"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Abbott Laboratories pacemakers Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013349"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-085"
}
],
"trust": 0.6
}
}
VAR-201702-0699
Vulnerability from variot - Updated: 2023-12-18 12:44An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints. St. St.Jude Medical Merlin@home transmitter is a product of St.Jude Medical of the United States for remote care management of patients implanted with cardiac devices. Merlin@home has a human security bypass vulnerability. Merlin@home is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. Versions prior to Merlin@home 8.2.2 are vulnerable. Jude Medical Merlin@home transmitter is a product of St
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201702-0699",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "merlin\\@home",
"scope": "lte",
"trust": 1.0,
"vendor": "abbott",
"version": "8.0"
},
{
"model": "jude medical merlin@home",
"scope": "eq",
"trust": 0.9,
"vendor": "st",
"version": "8.0"
},
{
"model": "merlin@home",
"scope": "lt",
"trust": 0.8,
"vendor": "st jude medical",
"version": "8.2.2"
},
{
"model": "merlin\\@home",
"scope": "eq",
"trust": 0.6,
"vendor": "st jude medical",
"version": "8.0"
},
{
"model": "jude medical merlin@home",
"scope": "ne",
"trust": 0.3,
"vendor": "st",
"version": "8.2.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "merlin home",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "fa131aa5-74f9-4fb0-950d-d3caa56347b5"
},
{
"db": "CNVD",
"id": "CNVD-2017-00460"
},
{
"db": "BID",
"id": "95331"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002280"
},
{
"db": "NVD",
"id": "CVE-2017-5149"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-171"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:abbott:merlin\\@home_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "8.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:abbott:merlin\\@home_ex1100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:abbott:merlin\\@home_ex1150:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5149"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MedSec Holdings",
"sources": [
{
"db": "BID",
"id": "95331"
}
],
"trust": 0.3
},
"cve": "CVE-2017-5149",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-5149",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-00460",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "fa131aa5-74f9-4fb0-950d-d3caa56347b5",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-113352",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.2,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.9,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-5149",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-5149",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-00460",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201701-171",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "fa131aa5-74f9-4fb0-950d-d3caa56347b5",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-113352",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-5149",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "fa131aa5-74f9-4fb0-950d-d3caa56347b5"
},
{
"db": "CNVD",
"id": "CNVD-2017-00460"
},
{
"db": "VULHUB",
"id": "VHN-113352"
},
{
"db": "VULMON",
"id": "CVE-2017-5149"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002280"
},
{
"db": "NVD",
"id": "CVE-2017-5149"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-171"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical\u0027s web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints. St. St.Jude Medical Merlin@home transmitter is a product of St.Jude Medical of the United States for remote care management of patients implanted with cardiac devices. Merlin@home has a human security bypass vulnerability. Merlin@home is prone to a security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to bypass certain security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack. This may lead to other attacks. \nVersions prior to Merlin@home 8.2.2 are vulnerable. Jude Medical Merlin@home transmitter is a product of St",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-5149"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002280"
},
{
"db": "CNVD",
"id": "CNVD-2017-00460"
},
{
"db": "BID",
"id": "95331"
},
{
"db": "IVD",
"id": "fa131aa5-74f9-4fb0-950d-d3caa56347b5"
},
{
"db": "VULHUB",
"id": "VHN-113352"
},
{
"db": "VULMON",
"id": "CVE-2017-5149"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-5149",
"trust": 3.7
},
{
"db": "BID",
"id": "95331",
"trust": 2.7
},
{
"db": "ICS CERT",
"id": "ICSMA-17-009-01A",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201701-171",
"trust": 0.9
},
{
"db": "ICS CERT",
"id": "ICSMA-17-009-01",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-00460",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002280",
"trust": 0.8
},
{
"db": "IVD",
"id": "FA131AA5-74F9-4FB0-950D-D3CAA56347B5",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-113352",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-5149",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "fa131aa5-74f9-4fb0-950d-d3caa56347b5"
},
{
"db": "CNVD",
"id": "CNVD-2017-00460"
},
{
"db": "VULHUB",
"id": "VHN-113352"
},
{
"db": "VULMON",
"id": "CVE-2017-5149"
},
{
"db": "BID",
"id": "95331"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002280"
},
{
"db": "NVD",
"id": "CVE-2017-5149"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-171"
}
]
},
"id": "VAR-201702-0699",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "fa131aa5-74f9-4fb0-950d-d3caa56347b5"
},
{
"db": "CNVD",
"id": "CNVD-2017-00460"
},
{
"db": "VULHUB",
"id": "VHN-113352"
}
],
"trust": 1.65
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "fa131aa5-74f9-4fb0-950d-d3caa56347b5"
},
{
"db": "CNVD",
"id": "CNVD-2017-00460"
}
]
},
"last_update_date": "2023-12-18T12:44:41.954000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Merlin@home",
"trust": 0.8,
"url": "https://www.sjm.com/en/professionals/featured-products/cardiac-rhythm-management/remote-care/remote-care/merlin-home-transmitter?halert=show\u0026clset=af584191-45c9-4201-8740-5409f4cf8bdd%3ab20716c1-c2a6-"
},
{
"title": "Merlin@home people middle security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/88010"
},
{
"title": "St. Jude Medical Merlin@home Transmitter Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66895"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/brooocifer/hack-merlin-at-home "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00460"
},
{
"db": "VULMON",
"id": "CVE-2017-5149"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002280"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-171"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-113352"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002280"
},
{
"db": "NVD",
"id": "CVE-2017-5149"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-17-009-01a"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/95331"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-17-009-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-5149"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-5149"
},
{
"trust": 0.3,
"url": "https://www.sjm.com/en/professionals/featured-products/cardiac-rhythm-management/remote-care/remote-care/merlin-home-transmitter?halert=show\u0026clset=af584191-45c9-4201-8740-5409f4cf8bdd%3ab20716c1-c2a6-"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://github.com/brooocifer/hack-merlin-at-home"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-00460"
},
{
"db": "VULHUB",
"id": "VHN-113352"
},
{
"db": "VULMON",
"id": "CVE-2017-5149"
},
{
"db": "BID",
"id": "95331"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002280"
},
{
"db": "NVD",
"id": "CVE-2017-5149"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-171"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "fa131aa5-74f9-4fb0-950d-d3caa56347b5"
},
{
"db": "CNVD",
"id": "CNVD-2017-00460"
},
{
"db": "VULHUB",
"id": "VHN-113352"
},
{
"db": "VULMON",
"id": "CVE-2017-5149"
},
{
"db": "BID",
"id": "95331"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-002280"
},
{
"db": "NVD",
"id": "CVE-2017-5149"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-171"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-16T00:00:00",
"db": "IVD",
"id": "fa131aa5-74f9-4fb0-950d-d3caa56347b5"
},
{
"date": "2017-01-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00460"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULHUB",
"id": "VHN-113352"
},
{
"date": "2017-02-13T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5149"
},
{
"date": "2017-01-09T00:00:00",
"db": "BID",
"id": "95331"
},
{
"date": "2017-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002280"
},
{
"date": "2017-02-13T22:59:00.303000",
"db": "NVD",
"id": "CVE-2017-5149"
},
{
"date": "2017-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-171"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-01-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-00460"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-113352"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-5149"
},
{
"date": "2017-01-12T01:11:00",
"db": "BID",
"id": "95331"
},
{
"date": "2017-04-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-002280"
},
{
"date": "2023-06-26T19:38:41.247000",
"db": "NVD",
"id": "CVE-2017-5149"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201701-171"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201701-171"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "St. Jude Medical Merlin@home Vulnerabilities that allow access to communication between specific endpoints",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-002280"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Code problem",
"sources": [
{
"db": "IVD",
"id": "fa131aa5-74f9-4fb0-950d-d3caa56347b5"
},
{
"db": "CNNVD",
"id": "CNNVD-201701-171"
}
],
"trust": 0.8
}
}