cnvd - cnvd-2017-23900

CNVD-2017-23900

Vulnerability from cnvd - Published: 2017-08-30

Title

Abbott Laboratories多款起搏器产品访问次数限制漏洞

Description

Accent、Anthem、Accent MRI、Assurity、Allure和Assurity MRI都是美国雅培实验室（Abbott Laboratories）的植入式医疗设备。 Abbott Laboratories多款起搏器产品存在访问次数限制漏洞，起搏器不限制或限制可接收的正确格式的“RF wake-up”命令的数量，允许附近的攻击者重复发送命令以减少起搏器的电池寿命。

Severity

中

Patch Name

Abbott Laboratories多款起搏器产品访问次数限制漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm

Reference

https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01

Impacted products

Name
['Abbott Laboratories Accent <August 28，2017', 'Abbott Laboratories Anthem <August 28，2017', 'Abbott Laboratories Accent MRI <August 28，2017', 'Abbott Laboratories Assurity <August 28，2017', 'Abbott Laboratories Allure <August 28，2017', 'Abbott Laboratories Assurity MRI <August 28，2017']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12714"
    }
  },
  "description": "Accent\u3001Anthem\u3001Accent MRI\u3001Assurity\u3001Allure\u548cAssurity MRI\u90fd\u662f\u7f8e\u56fd\u96c5\u57f9\u5b9e\u9a8c\u5ba4\uff08Abbott Laboratories\uff09\u7684\u690d\u5165\u5f0f\u533b\u7597\u8bbe\u5907\u3002\r\n\r\nAbbott Laboratories\u591a\u6b3e\u8d77\u640f\u5668\u4ea7\u54c1\u5b58\u5728\u8bbf\u95ee\u6b21\u6570\u9650\u5236\u6f0f\u6d1e\uff0c\u8d77\u640f\u5668\u4e0d\u9650\u5236\u6216\u9650\u5236\u53ef\u63a5\u6536\u7684\u6b63\u786e\u683c\u5f0f\u7684\u201cRF wake-up\u201d\u547d\u4ee4\u7684\u6570\u91cf\uff0c\u5141\u8bb8\u9644\u8fd1\u7684\u653b\u51fb\u8005\u91cd\u590d\u53d1\u9001\u547d\u4ee4\u4ee5\u51cf\u5c11\u8d77\u640f\u5668\u7684\u7535\u6c60\u5bff\u547d\u3002",
  "discovererName": "unknow",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-23900",
  "openTime": "2017-08-30",
  "patchDescription": "Accent\u3001Anthem\u3001Accent MRI\u3001Assurity\u3001Allure\u548cAssurity MRI\u90fd\u662f\u7f8e\u56fd\u96c5\u57f9\u5b9e\u9a8c\u5ba4\uff08Abbott Laboratories\uff09\u7684\u690d\u5165\u5f0f\u533b\u7597\u8bbe\u5907\u3002\r\n\r\nAbbott Laboratories\u591a\u6b3e\u8d77\u640f\u5668\u4ea7\u54c1\u5b58\u5728\u8bbf\u95ee\u6b21\u6570\u9650\u5236\u6f0f\u6d1e\uff0c\u8d77\u640f\u5668\u4e0d\u9650\u5236\u6216\u9650\u5236\u53ef\u63a5\u6536\u7684\u6b63\u786e\u683c\u5f0f\u7684\u201cRF wake-up\u201d\u547d\u4ee4\u7684\u6570\u91cf\uff0c\u5141\u8bb8\u9644\u8fd1\u7684\u653b\u51fb\u8005\u91cd\u590d\u53d1\u9001\u547d\u4ee4\u4ee5\u51cf\u5c11\u8d77\u640f\u5668\u7684\u7535\u6c60\u5bff\u547d\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Abbott Laboratories\u591a\u6b3e\u8d77\u640f\u5668\u4ea7\u54c1\u8bbf\u95ee\u6b21\u6570\u9650\u5236\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Abbott Laboratories Accent \u003cAugust 28\uff0c2017",
      "Abbott Laboratories Anthem \u003cAugust 28\uff0c2017",
      "Abbott Laboratories Accent MRI \u003cAugust 28\uff0c2017",
      "Abbott Laboratories Assurity \u003cAugust 28\uff0c2017",
      "Abbott Laboratories Allure \u003cAugust 28\uff0c2017",
      "Abbott Laboratories Assurity MRI \u003cAugust 28\uff0c2017"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01",
  "serverity": "\u4e2d",
  "submitTime": "2017-08-30",
  "title": "Abbott Laboratories\u591a\u6b3e\u8d77\u640f\u5668\u4ea7\u54c1\u8bbf\u95ee\u6b21\u6570\u9650\u5236\u6f0f\u6d1e"
}

CVE-2017-12714 (GCVE-0-2017-12714)

Vulnerability from cvelistv5 – Published: 2018-04-25 13:00 – Updated: 2024-09-17 00:16

Summary

Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

Severity ?

No CVSS data available.

CWE

CWE-920 - Improper Restriction of power consumption CWE-920

Assigner

icscert

References

URL

Tags

	https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01	x_refsource_MISC
	http://www.securityfocus.com/bid/100523	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	Abbott Laboratories	Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI.	Affected: All versions of pacemakers manufactured prior to August 28, 2017

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:43:56.537Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
          },
          {
            "name": "100523",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100523"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI.",
          "vendor": "Abbott Laboratories",
          "versions": [
            {
              "status": "affected",
              "version": "All versions of pacemakers manufactured prior to August 28, 2017"
            }
          ]
        }
      ],
      "datePublic": "2017-08-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted \"RF wake-up\" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-920",
              "description": "Improper Restriction of power consumption CWE-920",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-04-26T09:57:01",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
        },
        {
          "name": "100523",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100523"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2017-08-29T00:00:00",
          "ID": "CVE-2017-12714",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI.",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions of pacemakers manufactured prior to August 28, 2017"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Abbott Laboratories"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted \"RF wake-up\" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Improper Restriction of power consumption CWE-920"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
            },
            {
              "name": "100523",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100523"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2017-12714",
    "datePublished": "2018-04-25T13:00:00Z",
    "dateReserved": "2017-08-09T00:00:00",
    "dateUpdated": "2024-09-17T00:16:50.163Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-23900

CVE-2017-12714 (GCVE-0-2017-12714)

Tags

Sightings

Nomenclature