cvelistv5 - CVE-2017-12714

CVE-2017-12714 (GCVE-0-2017-12714)

Vulnerability from cvelistv5 – Published: 2018-04-25 13:00 – Updated: 2024-09-17 00:16

Summary

Severity ?

No CVSS data available.

CWE

CWE-920 - Improper Restriction of power consumption CWE-920

Assigner

icscert

References

URL

	Vendor	Product	Version
	Abbott Laboratories	Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI.	Affected: All versions of pacemakers manufactured prior to August 28, 2017

FKIE_CVE-2017-12714

Vulnerability from fkie_nvd - Published: 2018-04-25 13:29 - Updated: 2024-11-21 03:10

Severity ?

6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/100523	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100523	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
abbott	accent_firmware	*
abbott	accent	-
abbott	anthem_firmware	*
abbott	anthem	-
abbott	accent_mri_firmware	*
abbott	accent_mri	-
abbott	accent_st_firmware	*
abbott	accent_st	-
abbott	assurity_firmware	*
abbott	assurity	-
abbott	allure_firmware	*
abbott	allure	-
abbott	assurity_mri_firmware	*
abbott	assurity_mri	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abbott:accent_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFF25F4E-CF32-41A5-9AEC-5CF2A1D70732",
              "versionEndExcluding": "f0b.0e.7e",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abbott:accent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7261AA88-1BD6-4CDF-AFC0-31FD7F52B9E7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abbott:anthem_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6C940D7-5EA3-4D42-8FFE-0C38D2D0065E",
              "versionEndExcluding": "f0b.0e.7e",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abbott:anthem:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B28402F-D4DF-448B-8ED3-676E0B438331",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abbott:accent_mri_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFC7CD6D-57F8-4479-A25C-9B9937FD3793",
              "versionEndExcluding": "f10.08.6c",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abbott:accent_mri:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C752B8AA-8990-43DE-AB8B-57329E1E0AE1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abbott:accent_st_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CCA1805-9253-4267-ACE9-B9F3BBB1549A",
              "versionEndExcluding": "f10.08.6c",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abbott:accent_st:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "794620AF-C8D5-4511-B4AF-5E8B4347F558",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abbott:assurity_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF37E32-78D2-48CD-BF19-17533E3CB5DF",
              "versionEndExcluding": "f14.07.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abbott:assurity:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B2EBFC-FB8A-402E-8C5C-118D4362B143",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abbott:allure_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "858B3E80-0179-4AD7-BC32-3AA87A7341C6",
              "versionEndExcluding": "f14.07.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abbott:allure:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "65B30268-EC36-42C3-8028-D345DC22A3DC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abbott:assurity_mri_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E52CB5-DB4A-42FE-B963-CE891D3C1A95",
              "versionEndExcluding": "f17.01.49",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abbott:assurity_mri:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43025EB2-8644-4BC5-BC3D-D67305C504B7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted \"RF wake-up\" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."
    },
    {
      "lang": "es",
      "value": "Los marcapasos de Abbott Laboratories fabricados antes del 28 de agosto de 2017 no restringen o limitan el n\u00famero de comandos \"RF wake-up\" formateados correctamente que pueden recibir. Esto puede permitir que un atacante cercano env\u00ede comandos repetidamente para reducir la bater\u00eda del marcapasos. Puntuaci\u00f3n base de CVSS v3: 5.3, cadena de vector CVSS: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott ha desarrollado una actualizaci\u00f3n de firmware para ayudar a mitigar las vulnerabilidades identificadas."
    }
  ],
  "id": "CVE-2017-12714",
  "lastModified": "2024-11-21T03:10:04.977",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-25T13:29:00.287",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100523"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100523"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-920"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-920"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-12714

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-12714

Aliases

CVE-2017-12714

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-12714",
    "description": "Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted \"RF wake-up\" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.",
    "id": "GSD-2017-12714"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-12714"
      ],
      "details": "Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted \"RF wake-up\" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.",
      "id": "GSD-2017-12714",
      "modified": "2023-12-13T01:21:03.236873Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "DATE_PUBLIC": "2017-08-29T00:00:00",
        "ID": "CVE-2017-12714",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI.",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions of pacemakers manufactured prior to August 28, 2017"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Abbott Laboratories"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted \"RF wake-up\" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper Restriction of power consumption CWE-920"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
          },
          {
            "name": "100523",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/100523"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:accent_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f0b.0e.7e",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:accent:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:anthem_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f0b.0e.7e",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:anthem:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:accent_mri_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f10.08.6c",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:accent_mri:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:accent_st_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f10.08.6c",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:accent_st:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:assurity_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f14.07.80",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:assurity:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:allure_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f14.07.80",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:allure:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:assurity_mri_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f17.01.49",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:assurity_mri:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-12714"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted \"RF wake-up\" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-920"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
            },
            {
              "name": "100523",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/100523"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:23Z",
      "publishedDate": "2018-04-25T13:29Z"
    }
  }
}

ICSMA-18-107-01

Vulnerability from csaf_cisa - Published: 2018-04-17 00:00 - Updated: 2018-04-17 00:00

Summary

Abbott Laboratories Defibrillator

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities may allow a nearby attacker to gain unauthorized access to an ICD to issue commands, change settings, or otherwise interfere with the intended function of the ICD.

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.

Exploitability

No known public exploits specifically target these vulnerabilities. High skill level is needed to exploit.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "MedSec Holdings Ltd",
        "summary": "reporting these vulnerabilities to Abbott Laboratories and NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities may allow a nearby attacker to gain unauthorized access to an ICD to issue commands, change settings, or otherwise interfere with the intended function of the ICD.",
        "title": "Risk evaluation"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS-CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT website.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities. High skill level is needed to exploit.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-18-107-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsma-18-107-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-18-107-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-107-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-107-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      }
    ],
    "title": "Abbott Laboratories Defibrillator",
    "tracking": {
      "current_release_date": "2018-04-17T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSMA-18-107-01",
      "initial_release_date": "2018-04-17T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-04-17T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSMA-18-107-01 Abbott Laboratories Defibrillator"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "distributed  \u003c april 1, 2018",
                "product": {
                  "name": "Fortify Assura: manufactured and distributed prior to April 1 2018",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Fortify Assura"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "distributed  \u003c april 1, 2018",
                "product": {
                  "name": "Promote Quadra: manufactured and distributed prior to April 1 2018",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Promote Quadra"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "distributed  \u003c april 1, 2018",
                "product": {
                  "name": "Current: manufactured and distributed prior to April 1 2018",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "Current"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "distributed  \u003c april 1, 2018",
                "product": {
                  "name": "Promote: manufactured and distributed prior to April 1 2018",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "Promote"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "distributed  \u003c april 1, 2018",
                "product": {
                  "name": "Quadra Assura MP: manufactured and distributed prior to April 1 2018",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "Quadra Assura MP"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "distributed  \u003c april 1, 2018",
                "product": {
                  "name": "Unify Quadra: manufactured and distributed prior to April 1 2018",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "Unify Quadra"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "distributed  \u003c april 1, 2018",
                "product": {
                  "name": "Quadra Assura: manufactured and distributed prior to April 1 2018",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "Quadra Assura"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "distributed  \u003c april 1, 2018",
                "product": {
                  "name": "Ellipse: manufactured and distributed prior to April 1 2018",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "Ellipse"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "distributed  \u003c april 1, 2018",
                "product": {
                  "name": "Unify: manufactured and distributed prior to April 1 2018",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "Unify"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "distributed  \u003c april 1, 2018",
                "product": {
                  "name": "Fortify: manufactured and distributed prior to April 1 2018",
                  "product_id": "CSAFPID-00010"
                }
              }
            ],
            "category": "product_name",
            "name": "Fortify"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "distributed  \u003c april 1, 2018",
                "product": {
                  "name": "Unify Assura: manufactured and distributed prior to April 1 2018",
                  "product_id": "CSAFPID-00011"
                }
              }
            ],
            "category": "product_name",
            "name": "Unify Assura"
          }
        ],
        "category": "vendor",
        "name": "Abbott Laboratories"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-12712",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The device \u0027s authentication algorithm, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the ICD or CRT-D via RF communications.CVE-2017-12712 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been assigned; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010",
          "CSAFPID-00011"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "nvd.nist.gov",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12712"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Abbott has developed a firmware update to help mitigate the identified vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "The firmware update provides additional security to reduce the risk of unauthorized access by bypassing authentication to the following high voltage device families that utilize wireless radio frequency (RF) communication: Fortify, Fortify Assura, Quadra Assura, Quadra Assura MP, Unify, Unify Assura, Unify Quadra, Promote Quadra, and Ellipse.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "The firmware update can be applied to an eligible implanted ICD or CRT-D via the Merlin PCS Programmer by a healthcare provider. Abbott and FDA have recommended the update to all eligible patients at the next regularly scheduled visit or when appropriate depending on the preferences of the patient and physician. ICDs and CRT-Ds manufactured beginning April 25, 2018, will have these updates preloaded on devices.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Abbott states that firmware updates should be approached with caution. As with any software update, firmware updates can cause devices to malfunction. Potential risks include discomfort due to back-up VVI pacing settings, reloading of previous firmware version due to incomplete upgrade, inability to treat VT/VF while in back-up mode given high voltage therapy is disabled, device remaining in back-up mode due to unsuccessful upgrade, and loss of currently-programmed device settings or diagnostic data. The Abbott Cybersecurity Medical Advisory Board has reviewed this firmware update and the associated risk of performing the update in the context of potential cybersecurity risk.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "While not intended to serve as a substitute for clinician judgment as to whether the firmware update is advisable for a particular patient, the Cybersecurity Medical Advisory Board recommends the following:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Abbott \u0027s older generation devices (i.e., Current and Promote) are not capable of accepting the firmware update due to technology limitations. If healthcare providers and patients have any concerns relating to device cybersecurity for those patients implanted with Current/Promote devices, providers have the option to permanently disable the RF communication capability in the device. However, if this option is selected, the patient can no longer be monitored remotely using an RF Merlin@home transmitter. For most patients, permanently disabling RF is not advisable given the proven benefits and improved survival associated with home monitoring.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Therefore, the Medical Advisory Boards recommends the following:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Patients and healthcare providers with questions can call the dedicated hotline at 1-800-722-3774 (U.S.) or visit https://www.sjm.com/cyberupdate for more information.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ],
          "url": "https://www.sjm.com/cyberupdate%20"
        },
        {
          "category": "vendor_fix",
          "details": "Battery Performance Alert and Cybersecurity Firmware Updates for Certain Abbott (formerly St. Jude Medical) Implantable Cardiac Devices: FDA Safety Communication: FDA Safety Communication is available at the following location:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm604706.htm",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ],
          "url": "https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm604706.htm"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2017-12714",
      "cwe": {
        "id": "CWE-920",
        "name": "Improper Restriction of Power Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The ICDs and CRT-Ds do not restrict or limit the number of correctly formatted RF wake-up commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce device battery life. CVE-2017-12714 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).. Abbott is a U.S.-based company headquartered in Abbott Park, Illinois. Abbott is a U.S.-based company headquartered in Abbott Park, Illinois.. The affected ICDs and CRT-Ds are implantable medical devices designed to deliver high voltage electrical pulses to correct a fast or irregular heartbeat. According to Abbott, these devices are deployed across the healthcare and public health sector. Abbott indicates that these products are used worldwide.CVE-2017-12714 has been assigned to this vulnerability. A CVSS v3 base score of 5.3 has been assigned; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010",
          "CSAFPID-00011"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "nvd.nist.gov",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12714"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Abbott has developed a firmware update to help mitigate the identified vulnerabilities.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "The firmware update provides additional security to reduce the risk of unauthorized access by bypassing authentication to the following high voltage device families that utilize wireless radio frequency (RF) communication: Fortify, Fortify Assura, Quadra Assura, Quadra Assura MP, Unify, Unify Assura, Unify Quadra, Promote Quadra, and Ellipse.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "The firmware update can be applied to an eligible implanted ICD or CRT-D via the Merlin PCS Programmer by a healthcare provider. Abbott and FDA have recommended the update to all eligible patients at the next regularly scheduled visit or when appropriate depending on the preferences of the patient and physician. ICDs and CRT-Ds manufactured beginning April 25, 2018, will have these updates preloaded on devices.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Abbott states that firmware updates should be approached with caution. As with any software update, firmware updates can cause devices to malfunction. Potential risks include discomfort due to back-up VVI pacing settings, reloading of previous firmware version due to incomplete upgrade, inability to treat VT/VF while in back-up mode given high voltage therapy is disabled, device remaining in back-up mode due to unsuccessful upgrade, and loss of currently-programmed device settings or diagnostic data. The Abbott Cybersecurity Medical Advisory Board has reviewed this firmware update and the associated risk of performing the update in the context of potential cybersecurity risk.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "While not intended to serve as a substitute for clinician judgment as to whether the firmware update is advisable for a particular patient, the Cybersecurity Medical Advisory Board recommends the following:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Abbott \u0027s older generation devices (i.e., Current and Promote) are not capable of accepting the firmware update due to technology limitations. If healthcare providers and patients have any concerns relating to device cybersecurity for those patients implanted with Current/Promote devices, providers have the option to permanently disable the RF communication capability in the device. However, if this option is selected, the patient can no longer be monitored remotely using an RF Merlin@home transmitter. For most patients, permanently disabling RF is not advisable given the proven benefits and improved survival associated with home monitoring.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Therefore, the Medical Advisory Boards recommends the following:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Patients and healthcare providers with questions can call the dedicated hotline at 1-800-722-3774 (U.S.) or visit https://www.sjm.com/cyberupdate for more information.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ],
          "url": "https://www.sjm.com/cyberupdate%20"
        },
        {
          "category": "vendor_fix",
          "details": "Battery Performance Alert and Cybersecurity Firmware Updates for Certain Abbott (formerly St. Jude Medical) Implantable Cardiac Devices: FDA Safety Communication: FDA Safety Communication is available at the following location:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm604706.htm",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ],
          "url": "https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm604706.htm"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011"
          ]
        }
      ]
    }
  ]
}

ICSMA-17-241-01

Vulnerability from csaf_cisa - Published: 2017-08-29 00:00 - Updated: 2017-08-29 00:00

Summary

ICSMA-17-241-01_Abbott Laboratories ' Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI Pacemaker Vulnerabilities

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "CISAservicedesk@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-17-241-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsma-17-241-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-17-241-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-17-241-01"
      }
    ],
    "title": "ICSMA-17-241-01_Abbott Laboratories \u0027 Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI Pacemaker Vulnerabilities",
    "tracking": {
      "current_release_date": "2017-08-29T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA USCert CSAF Generator",
          "version": "1"
        }
      },
      "id": "ICSMA-17-241-01",
      "initial_release_date": "2017-08-29T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-08-29T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSMA-17-241-01 Abbott Laboratories Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI Pacemaker Vulnerabilities"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c august 28",
                "product": {
                  "name": "Accent MRI: manufactured prior to August 28",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Accent MRI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c august 28",
                "product": {
                  "name": "Assurity/Allure: manufactured prior to August 28",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Assurity/Allure"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c august 28",
                "product": {
                  "name": "Assurity MRI: manufactured prior to August 28",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "Assurity MRI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c august 28",
                "product": {
                  "name": "Accent/Anthem: manufactured prior to August 28",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "Accent/Anthem"
          }
        ],
        "category": "vendor",
        "name": "Abbott Laboratories"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-12712",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The pacemaker \u0027s authentication algorithm, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "The pacemaker firmware update will implement RF wake-up protections and limit the commands that can be issued to pacemakers via RF communications. Additionally the updated pacemaker firmware will prevent unencrypted transmission of patient information (Accent and Anthem only). The firmware update can be applied to an implanted pacemaker via the Merlin PCS Programmer by a healthcare provider. It is recommended that healthcare providers discuss this update with their patients and carefully consider the potential risk of a cybersecurity attack along with the risk of performing a firmware update. Implementation of the firmware update is to be determined based on the physician\u0027s professional judgment and patient management considerations. Pacemakers manufactured beginning August 28, 2017, will have this update preloaded on devices.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "title": "CVE-2017-12712"
    },
    {
      "cve": "CVE-2017-12716",
      "cwe": {
        "id": "CWE-311",
        "name": "Missing Encryption of Sensitive Data"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Accent and Anthem pacemakers transmit unencrypted patient information via RF communications to programmers and home monitoring units. The Assurity and Allure pacemakers do not contain this vulnerability. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption; however, the Assurity and Allure pacemakers encrypt stored patient information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "The pacemaker firmware update will implement RF wake-up protections and limit the commands that can be issued to pacemakers via RF communications. Additionally the updated pacemaker firmware will prevent unencrypted transmission of patient information (Accent and Anthem only). The firmware update can be applied to an implanted pacemaker via the Merlin PCS Programmer by a healthcare provider. It is recommended that healthcare providers discuss this update with their patients and carefully consider the potential risk of a cybersecurity attack along with the risk of performing a firmware update. Implementation of the firmware update is to be determined based on the physician\u0027s professional judgment and patient management considerations. Pacemakers manufactured beginning August 28, 2017, will have this update preloaded on devices.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "title": "CVE-2017-12716"
    },
    {
      "cve": "CVE-2017-12714",
      "cwe": {
        "id": "CWE-920",
        "name": "Improper Restriction of Power Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The pacemakers do not restrict or limit the number of correctly formatted RF wake-up commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "The pacemaker firmware update will implement RF wake-up protections and limit the commands that can be issued to pacemakers via RF communications. Additionally the updated pacemaker firmware will prevent unencrypted transmission of patient information (Accent and Anthem only). The firmware update can be applied to an implanted pacemaker via the Merlin PCS Programmer by a healthcare provider. It is recommended that healthcare providers discuss this update with their patients and carefully consider the potential risk of a cybersecurity attack along with the risk of performing a firmware update. Implementation of the firmware update is to be determined based on the physician\u0027s professional judgment and patient management considerations. Pacemakers manufactured beginning August 28, 2017, will have this update preloaded on devices.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "title": "CVE-2017-12714"
    }
  ]
}

GHSA-4GWC-877G-8PXQ

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-12714"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-920"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-25T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted \"RF wake-up\" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.",
  "id": "GHSA-4gwc-877g-8pxq",
  "modified": "2022-05-13T01:37:45Z",
  "published": "2022-05-13T01:37:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12714"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100523"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-23900

Vulnerability from cnvd - Published: 2017-08-30

Title

Abbott Laboratories多款起搏器产品访问次数限制漏洞

Description

Accent、Anthem、Accent MRI、Assurity、Allure和Assurity MRI都是美国雅培实验室（Abbott Laboratories）的植入式医疗设备。 Abbott Laboratories多款起搏器产品存在访问次数限制漏洞，起搏器不限制或限制可接收的正确格式的“RF wake-up”命令的数量，允许附近的攻击者重复发送命令以减少起搏器的电池寿命。

Severity

中

Patch Name

Abbott Laboratories多款起搏器产品访问次数限制漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm

Reference

https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01

Impacted products

Name
['Abbott Laboratories Accent <August 28，2017', 'Abbott Laboratories Anthem <August 28，2017', 'Abbott Laboratories Accent MRI <August 28，2017', 'Abbott Laboratories Assurity <August 28，2017', 'Abbott Laboratories Allure <August 28，2017', 'Abbott Laboratories Assurity MRI <August 28，2017']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12714"
    }
  },
  "description": "Accent\u3001Anthem\u3001Accent MRI\u3001Assurity\u3001Allure\u548cAssurity MRI\u90fd\u662f\u7f8e\u56fd\u96c5\u57f9\u5b9e\u9a8c\u5ba4\uff08Abbott Laboratories\uff09\u7684\u690d\u5165\u5f0f\u533b\u7597\u8bbe\u5907\u3002\r\n\r\nAbbott Laboratories\u591a\u6b3e\u8d77\u640f\u5668\u4ea7\u54c1\u5b58\u5728\u8bbf\u95ee\u6b21\u6570\u9650\u5236\u6f0f\u6d1e\uff0c\u8d77\u640f\u5668\u4e0d\u9650\u5236\u6216\u9650\u5236\u53ef\u63a5\u6536\u7684\u6b63\u786e\u683c\u5f0f\u7684\u201cRF wake-up\u201d\u547d\u4ee4\u7684\u6570\u91cf\uff0c\u5141\u8bb8\u9644\u8fd1\u7684\u653b\u51fb\u8005\u91cd\u590d\u53d1\u9001\u547d\u4ee4\u4ee5\u51cf\u5c11\u8d77\u640f\u5668\u7684\u7535\u6c60\u5bff\u547d\u3002",
  "discovererName": "unknow",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-23900",
  "openTime": "2017-08-30",
  "patchDescription": "Accent\u3001Anthem\u3001Accent MRI\u3001Assurity\u3001Allure\u548cAssurity MRI\u90fd\u662f\u7f8e\u56fd\u96c5\u57f9\u5b9e\u9a8c\u5ba4\uff08Abbott Laboratories\uff09\u7684\u690d\u5165\u5f0f\u533b\u7597\u8bbe\u5907\u3002\r\n\r\nAbbott Laboratories\u591a\u6b3e\u8d77\u640f\u5668\u4ea7\u54c1\u5b58\u5728\u8bbf\u95ee\u6b21\u6570\u9650\u5236\u6f0f\u6d1e\uff0c\u8d77\u640f\u5668\u4e0d\u9650\u5236\u6216\u9650\u5236\u53ef\u63a5\u6536\u7684\u6b63\u786e\u683c\u5f0f\u7684\u201cRF wake-up\u201d\u547d\u4ee4\u7684\u6570\u91cf\uff0c\u5141\u8bb8\u9644\u8fd1\u7684\u653b\u51fb\u8005\u91cd\u590d\u53d1\u9001\u547d\u4ee4\u4ee5\u51cf\u5c11\u8d77\u640f\u5668\u7684\u7535\u6c60\u5bff\u547d\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Abbott Laboratories\u591a\u6b3e\u8d77\u640f\u5668\u4ea7\u54c1\u8bbf\u95ee\u6b21\u6570\u9650\u5236\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Abbott Laboratories Accent \u003cAugust 28\uff0c2017",
      "Abbott Laboratories Anthem \u003cAugust 28\uff0c2017",
      "Abbott Laboratories Accent MRI \u003cAugust 28\uff0c2017",
      "Abbott Laboratories Assurity \u003cAugust 28\uff0c2017",
      "Abbott Laboratories Allure \u003cAugust 28\uff0c2017",
      "Abbott Laboratories Assurity MRI \u003cAugust 28\uff0c2017"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01",
  "serverity": "\u4e2d",
  "submitTime": "2017-08-30",
  "title": "Abbott Laboratories\u591a\u6b3e\u8d77\u640f\u5668\u4ea7\u54c1\u8bbf\u95ee\u6b21\u6570\u9650\u5236\u6f0f\u6d1e"
}

VAR-201804-0520

Vulnerability from variot - Updated: 2023-12-18 13:28

Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities. Abbott Laboratories pacemakers Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Accent, Anthem, Accent MRI, Assurity, Allure, and Assurity MRI are all implantable medical devices from Abbott Laboratories. Battery life. Multiple Abbott Pacemakers are prone to the following multiple security vulnerabilities: 1. An authentication-bypass vulnerability 2. An information-disclosure vulnerability 3. A Denial-of-Service vulnerability Successful exploits may allow an attacker to gain unauthorized access or bypass intended security restrictions, obtain sensitive information or cause denial-of-service conditions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0520",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "anthem",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "abbott",
        "version": "f0b.0e.7e"
      },
      {
        "model": "assurity",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "abbott",
        "version": "f14.07.80"
      },
      {
        "model": "assurity mri",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "abbott",
        "version": "f17.01.49"
      },
      {
        "model": "allure",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "abbott",
        "version": "f14.07.80"
      },
      {
        "model": "accent mri",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "abbott",
        "version": "f10.08.6c"
      },
      {
        "model": "accent st",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "abbott",
        "version": "f10.08.6c"
      },
      {
        "model": "accent",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "abbott",
        "version": "f0b.0e.7e"
      },
      {
        "model": "accent",
        "scope": null,
        "trust": 0.8,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "accent mri",
        "scope": null,
        "trust": 0.8,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "accent st",
        "scope": null,
        "trust": 0.8,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "allure",
        "scope": null,
        "trust": 0.8,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "anthem",
        "scope": null,
        "trust": 0.8,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "assurity",
        "scope": null,
        "trust": 0.8,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "assurity mri",
        "scope": null,
        "trust": 0.8,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "laboratories accent \u003caugust",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "abbott",
        "version": "282017"
      },
      {
        "model": "laboratories anthem \u003caugust",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "abbott",
        "version": "282017"
      },
      {
        "model": "laboratories accent mri \u003caugust",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "abbott",
        "version": "282017"
      },
      {
        "model": "laboratories assurity \u003caugust",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "abbott",
        "version": "282017"
      },
      {
        "model": "laboratories allure \u003caugust",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "abbott",
        "version": "282017"
      },
      {
        "model": "laboratories assurity mri \u003caugust",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "abbott",
        "version": "282017"
      },
      {
        "model": "assurity mri",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abbott",
        "version": "0"
      },
      {
        "model": "assurity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abbott",
        "version": "0"
      },
      {
        "model": "anthem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abbott",
        "version": "0"
      },
      {
        "model": "allure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abbott",
        "version": "0"
      },
      {
        "model": "accent st",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abbott",
        "version": "0"
      },
      {
        "model": "accent mri",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abbott",
        "version": "0"
      },
      {
        "model": "accent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abbott",
        "version": "0"
      },
      {
        "model": "assurity mri f17.01.49",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "assurity f14.07.80",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "anthem f0b.0e.7e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "allure f14.07.80",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "accent st f10.08.6c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "accent mri f10.08.6c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "accent f0b.0e.7e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "accent",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "anthem",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "accent mri",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "accent st",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "assurity",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "allure",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "assurity mri",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23900"
      },
      {
        "db": "BID",
        "id": "100523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013349"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12714"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:accent_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f0b.0e.7e",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:accent:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:anthem_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f0b.0e.7e",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:anthem:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:accent_mri_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f10.08.6c",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:accent_mri:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:accent_st_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f10.08.6c",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:accent_st:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:assurity_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f14.07.80",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:assurity:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:allure_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f14.07.80",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:allure:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:assurity_mri_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f17.01.49",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:assurity_mri:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12714"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MedSec Holdings Ltd",
    "sources": [
      {
        "db": "BID",
        "id": "100523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-085"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-12714",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-12714",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.2,
            "id": "CNVD-2017-23900",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 4.6,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.2,
            "id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:A/AC:H/Au:N/C:N/I:N/A:C",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2017-12714",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-12714",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-23900",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-085",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23900"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013349"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-085"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted \"RF wake-up\" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities. Abbott Laboratories pacemakers Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Accent, Anthem, Accent MRI, Assurity, Allure, and Assurity MRI are all implantable medical devices from Abbott Laboratories. Battery life. Multiple Abbott Pacemakers are prone to the following multiple security vulnerabilities:\n1. An authentication-bypass vulnerability\n2. An information-disclosure vulnerability\n3. A Denial-of-Service vulnerability\nSuccessful exploits may allow an attacker to gain unauthorized access or bypass intended security restrictions, obtain sensitive information or cause denial-of-service conditions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12714"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013349"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23900"
      },
      {
        "db": "BID",
        "id": "100523"
      },
      {
        "db": "IVD",
        "id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-12714",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSMA-17-241-01",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "100523",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23900",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-085",
        "trust": 0.8
      },
      {
        "db": "ICS CERT",
        "id": "ICSMA-18-107-01",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013349",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2017.2157",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "CB95B3A8-887C-44B0-B1F4-C00D35D478D6",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23900"
      },
      {
        "db": "BID",
        "id": "100523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013349"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-085"
      }
    ]
  },
  "id": "VAR-201804-0520",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23900"
      }
    ],
    "trust": 1.8
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23900"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:28:57.774000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.abbott.com/"
      },
      {
        "title": "Abbott Laboratories Patches for Multiple Pacemaker Product Access Limiting Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/101203"
      },
      {
        "title": "Multiple Abbott Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74540"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-23900"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013349"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-085"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-920",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013349"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12714"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsma-17-241-01"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/100523"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12714"
      },
      {
        "trust": 0.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-107-01"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12714"
      },
      {
        "trust": 0.3,
        "url": "http://www.abbott.com/"
      },
      {
        "trust": 0.3,
        "url": "http://abbott.mediaroom.com/2017-08-29-abbott-issues-new-updates-for-implanted-cardiac-devices"
      },
      {
        "trust": 0.3,
        "url": "https://www.auscert.org.au/bulletins/51662"
      },
      {
        "trust": 0.3,
        "url": "https://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm573669.htm"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-23900"
      },
      {
        "db": "BID",
        "id": "100523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013349"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-085"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23900"
      },
      {
        "db": "BID",
        "id": "100523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013349"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12714"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-085"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-30T00:00:00",
        "db": "IVD",
        "id": "cb95b3a8-887c-44b0-b1f4-c00d35d478d6"
      },
      {
        "date": "2017-08-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-23900"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "BID",
        "id": "100523"
      },
      {
        "date": "2018-06-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013349"
      },
      {
        "date": "2018-04-25T13:29:00.287000",
        "db": "NVD",
        "id": "CVE-2017-12714"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-085"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-23900"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "BID",
        "id": "100523"
      },
      {
        "date": "2018-07-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013349"
      },
      {
        "date": "2019-10-09T23:23:11.483000",
        "db": "NVD",
        "id": "CVE-2017-12714"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-085"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-085"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Abbott Laboratories pacemakers Access control vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013349"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-085"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-12714 (GCVE-0-2017-12714)

FKIE_CVE-2017-12714

GSD-2017-12714

ICSMA-18-107-01

ICSMA-17-241-01

GHSA-4GWC-877G-8PXQ

CNVD-2017-23900

VAR-201804-0520

Tags

Sightings

Nomenclature