cvelistv5 - cve-2017-12716

CVE-2017-12716 (GCVE-0-2017-12716)

Vulnerability from cvelistv5 – Published: 2018-04-25 13:00 – Updated: 2024-09-17 01:55

Summary

Severity ?

No CVSS data available.

CWE

CWE-311 - Missing encryption of sensitive data CWE-311

Assigner

icscert

References

URL

	Vendor	Product	Version
	Abbott Laboratories	Accent and Anthem	Affected: All versions of pacemakers manufactured prior to August 28, 2017

VAR-201804-0521

Vulnerability from variot - Updated: 2023-12-18 13:28

Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities. Abbott Laboratories pacemakers Contains an information disclosure vulnerability.Information may be obtained. Accent, Anthem, Accent MRI, Assurity, Allure, and Assurity MRI are all implantable medical devices from Abbott Laboratories. Multiple Abbott Pacemakers are prone to the following multiple security vulnerabilities: 1. An authentication-bypass vulnerability 2. An information-disclosure vulnerability 3. A Denial-of-Service vulnerability Successful exploits may allow an attacker to gain unauthorized access or bypass intended security restrictions, obtain sensitive information or cause denial-of-service conditions

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201804-0521",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "accent mri",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "abbott",
        "version": "f10.08.6c"
      },
      {
        "model": "accent st",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "abbott",
        "version": "f10.08.6c"
      },
      {
        "model": "accent",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "abbott",
        "version": "f0b.0e.7e"
      },
      {
        "model": "anthem",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "abbott",
        "version": "f0b.0e.7e"
      },
      {
        "model": "accent",
        "scope": null,
        "trust": 0.8,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "accent mri",
        "scope": null,
        "trust": 0.8,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "accent st",
        "scope": null,
        "trust": 0.8,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "anthem",
        "scope": null,
        "trust": 0.8,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "laboratories accent \u003caugust",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "abbott",
        "version": "282017"
      },
      {
        "model": "laboratories anthem \u003caugust",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "abbott",
        "version": "282017"
      },
      {
        "model": "laboratories accent mri \u003caugust",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "abbott",
        "version": "282017"
      },
      {
        "model": "laboratories assurity mri \u003caugust",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "abbott",
        "version": "282017"
      },
      {
        "model": "assurity mri",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abbott",
        "version": "0"
      },
      {
        "model": "assurity",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abbott",
        "version": "0"
      },
      {
        "model": "anthem",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abbott",
        "version": "0"
      },
      {
        "model": "allure",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abbott",
        "version": "0"
      },
      {
        "model": "accent st",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abbott",
        "version": "0"
      },
      {
        "model": "accent mri",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abbott",
        "version": "0"
      },
      {
        "model": "accent",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "abbott",
        "version": "0"
      },
      {
        "model": "assurity mri f17.01.49",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "assurity f14.07.80",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "anthem f0b.0e.7e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "allure f14.07.80",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "accent st f10.08.6c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "accent mri f10.08.6c",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": "accent f0b.0e.7e",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "abbott",
        "version": null
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "accent",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "anthem",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "accent mri",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "accent st",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23899"
      },
      {
        "db": "BID",
        "id": "100523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013350"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12716"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:accent_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f0b.0e.7e",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:accent:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:anthem_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f0b.0e.7e",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:anthem:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:accent_mri_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f10.08.6c",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:accent_mri:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:accent_st_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f10.08.6c",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:accent_st:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12716"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MedSec Holdings Ltd",
    "sources": [
      {
        "db": "BID",
        "id": "100523"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-086"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-12716",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 3.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-12716",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 1.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.2,
            "id": "CNVD-2017-23899",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 1.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.2,
            "id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.2,
            "vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-12716",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-12716",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-23899",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-086",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23899"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013350"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12716"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-086"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities. Abbott Laboratories pacemakers Contains an information disclosure vulnerability.Information may be obtained. Accent, Anthem, Accent MRI, Assurity, Allure, and Assurity MRI are all implantable medical devices from Abbott Laboratories. Multiple Abbott Pacemakers are prone to the following multiple security vulnerabilities:\n1. An authentication-bypass vulnerability\n2. An information-disclosure vulnerability\n3. A Denial-of-Service vulnerability\nSuccessful exploits may allow an attacker to gain unauthorized access or bypass intended security restrictions, obtain sensitive information or cause denial-of-service conditions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12716"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013350"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23899"
      },
      {
        "db": "BID",
        "id": "100523"
      },
      {
        "db": "IVD",
        "id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-12716",
        "trust": 3.5
      },
      {
        "db": "ICS CERT",
        "id": "ICSMA-17-241-01",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "100523",
        "trust": 1.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23899",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-086",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013350",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2017.2157",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "1F40774E-70DB-4D0B-92B4-A4C00C1E8CE5",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23899"
      },
      {
        "db": "BID",
        "id": "100523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013350"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12716"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-086"
      }
    ]
  },
  "id": "VAR-201804-0521",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23899"
      }
    ],
    "trust": 1.8
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23899"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:28:57.809000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.abbott.com/"
      },
      {
        "title": "Abbott Laboratories Patches for Errors in Encrypting Sensitive Data Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/101202"
      },
      {
        "title": "Multiple Abbott Product information disclosure vulnerability repair measures",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74541"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-23899"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013350"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-086"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-319",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-200",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013350"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12716"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "https://ics-cert.us-cert.gov/advisories/icsma-17-241-01"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/100523"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12716"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12716"
      },
      {
        "trust": 0.3,
        "url": "http://www.abbott.com/"
      },
      {
        "trust": 0.3,
        "url": "http://abbott.mediaroom.com/2017-08-29-abbott-issues-new-updates-for-implanted-cardiac-devices"
      },
      {
        "trust": 0.3,
        "url": "https://www.auscert.org.au/bulletins/51662"
      },
      {
        "trust": 0.3,
        "url": "https://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm573669.htm"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-23899"
      },
      {
        "db": "BID",
        "id": "100523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013350"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12716"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-086"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-23899"
      },
      {
        "db": "BID",
        "id": "100523"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013350"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12716"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-086"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-30T00:00:00",
        "db": "IVD",
        "id": "1f40774e-70db-4d0b-92b4-a4c00c1e8ce5"
      },
      {
        "date": "2017-08-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-23899"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "BID",
        "id": "100523"
      },
      {
        "date": "2018-06-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013350"
      },
      {
        "date": "2018-04-25T13:29:00.333000",
        "db": "NVD",
        "id": "CVE-2017-12716"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-086"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-23899"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "BID",
        "id": "100523"
      },
      {
        "date": "2018-06-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-013350"
      },
      {
        "date": "2019-10-09T23:23:11.687000",
        "db": "NVD",
        "id": "CVE-2017-12716"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-086"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-086"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Abbott Laboratories pacemakers Vulnerable to information disclosure",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-013350"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-086"
      }
    ],
    "trust": 0.6
  }
}

GHSA-X247-46RV-347W

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-12716"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-319"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-25T13:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.",
  "id": "GHSA-x247-46rv-347w",
  "modified": "2022-05-13T01:37:45Z",
  "published": "2022-05-13T01:37:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12716"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/100523"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-23899

Vulnerability from cnvd - Published: 2017-08-30

Title

Abbott Laboratories多款起搏器产品错误加密敏感数据漏洞

Description

Accent、Anthem、Accent MRI、Assurity、Allure和Assurity MRI都是美国雅培实验室（Abbott Laboratories）的植入式医疗设备。 Abbott Laboratories多款起搏器产品存在错误加密敏感数据漏洞，Accent和Anthem起搏器通过RF通信将未加密的患者信息传送给程序员和家庭监控单元。

Severity

低

Patch Name

Abbott Laboratories多款起搏器产品错误加密敏感数据漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm

Reference

https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01

Impacted products

Name
['Abbott Laboratories Accent <August 28，2017', 'Abbott Laboratories Anthem <August 28，2017', 'Abbott Laboratories Accent MRI <August 28，2017', 'Abbott Laboratories Assurity MRI <August 28，2017']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-12716"
    }
  },
  "description": "Accent\u3001Anthem\u3001Accent MRI\u3001Assurity\u3001Allure\u548cAssurity MRI\u90fd\u662f\u7f8e\u56fd\u96c5\u57f9\u5b9e\u9a8c\u5ba4\uff08Abbott Laboratories\uff09\u7684\u690d\u5165\u5f0f\u533b\u7597\u8bbe\u5907\u3002\r\n\r\nAbbott Laboratories\u591a\u6b3e\u8d77\u640f\u5668\u4ea7\u54c1\u5b58\u5728\u9519\u8bef\u52a0\u5bc6\u654f\u611f\u6570\u636e\u6f0f\u6d1e\uff0cAccent\u548cAnthem\u8d77\u640f\u5668\u901a\u8fc7RF\u901a\u4fe1\u5c06\u672a\u52a0\u5bc6\u7684\u60a3\u8005\u4fe1\u606f\u4f20\u9001\u7ed9\u7a0b\u5e8f\u5458\u548c\u5bb6\u5ead\u76d1\u63a7\u5355\u5143\u3002",
  "discovererName": "unknow",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-23899",
  "openTime": "2017-08-30",
  "patchDescription": "Accent\u3001Anthem\u3001Accent MRI\u3001Assurity\u3001Allure\u548cAssurity MRI\u90fd\u662f\u7f8e\u56fd\u96c5\u57f9\u5b9e\u9a8c\u5ba4\uff08Abbott Laboratories\uff09\u7684\u690d\u5165\u5f0f\u533b\u7597\u8bbe\u5907\u3002\r\n\r\nAbbott Laboratories\u591a\u6b3e\u8d77\u640f\u5668\u4ea7\u54c1\u5b58\u5728\u9519\u8bef\u52a0\u5bc6\u654f\u611f\u6570\u636e\u6f0f\u6d1e\uff0cAccent\u548cAnthem\u8d77\u640f\u5668\u901a\u8fc7RF\u901a\u4fe1\u5c06\u672a\u52a0\u5bc6\u7684\u60a3\u8005\u4fe1\u606f\u4f20\u9001\u7ed9\u7a0b\u5e8f\u5458\u548c\u5bb6\u5ead\u76d1\u63a7\u5355\u5143\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Abbott Laboratories\u591a\u6b3e\u8d77\u640f\u5668\u4ea7\u54c1\u9519\u8bef\u52a0\u5bc6\u654f\u611f\u6570\u636e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Abbott Laboratories Accent \u003cAugust 28\uff0c2017",
      "Abbott Laboratories Anthem \u003cAugust 28\uff0c2017",
      "Abbott Laboratories Accent MRI \u003cAugust 28\uff0c2017",
      "Abbott Laboratories Assurity MRI \u003cAugust 28\uff0c2017"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01",
  "serverity": "\u4f4e",
  "submitTime": "2017-08-30",
  "title": "Abbott Laboratories\u591a\u6b3e\u8d77\u640f\u5668\u4ea7\u54c1\u9519\u8bef\u52a0\u5bc6\u654f\u611f\u6570\u636e\u6f0f\u6d1e"
}

ICSMA-17-241-01

Vulnerability from csaf_cisa - Published: 2017-08-29 00:00 - Updated: 2017-08-29 00:00

Summary

ICSMA-17-241-01_Abbott Laboratories ' Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI Pacemaker Vulnerabilities

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "CISAservicedesk@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-17-241-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsma-17-241-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-17-241-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-17-241-01"
      }
    ],
    "title": "ICSMA-17-241-01_Abbott Laboratories \u0027 Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI Pacemaker Vulnerabilities",
    "tracking": {
      "current_release_date": "2017-08-29T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA USCert CSAF Generator",
          "version": "1"
        }
      },
      "id": "ICSMA-17-241-01",
      "initial_release_date": "2017-08-29T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-08-29T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSMA-17-241-01 Abbott Laboratories Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI Pacemaker Vulnerabilities"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c august 28",
                "product": {
                  "name": "Accent MRI: manufactured prior to August 28",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Accent MRI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c august 28",
                "product": {
                  "name": "Assurity/Allure: manufactured prior to August 28",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Assurity/Allure"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c august 28",
                "product": {
                  "name": "Assurity MRI: manufactured prior to August 28",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "Assurity MRI"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c august 28",
                "product": {
                  "name": "Accent/Anthem: manufactured prior to August 28",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "Accent/Anthem"
          }
        ],
        "category": "vendor",
        "name": "Abbott Laboratories"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-12712",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The pacemaker \u0027s authentication algorithm, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "The pacemaker firmware update will implement RF wake-up protections and limit the commands that can be issued to pacemakers via RF communications. Additionally the updated pacemaker firmware will prevent unencrypted transmission of patient information (Accent and Anthem only). The firmware update can be applied to an implanted pacemaker via the Merlin PCS Programmer by a healthcare provider. It is recommended that healthcare providers discuss this update with their patients and carefully consider the potential risk of a cybersecurity attack along with the risk of performing a firmware update. Implementation of the firmware update is to be determined based on the physician\u0027s professional judgment and patient management considerations. Pacemakers manufactured beginning August 28, 2017, will have this update preloaded on devices.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "title": "CVE-2017-12712"
    },
    {
      "cve": "CVE-2017-12716",
      "cwe": {
        "id": "CWE-311",
        "name": "Missing Encryption of Sensitive Data"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The Accent and Anthem pacemakers transmit unencrypted patient information via RF communications to programmers and home monitoring units. The Assurity and Allure pacemakers do not contain this vulnerability. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption; however, the Assurity and Allure pacemakers encrypt stored patient information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "The pacemaker firmware update will implement RF wake-up protections and limit the commands that can be issued to pacemakers via RF communications. Additionally the updated pacemaker firmware will prevent unencrypted transmission of patient information (Accent and Anthem only). The firmware update can be applied to an implanted pacemaker via the Merlin PCS Programmer by a healthcare provider. It is recommended that healthcare providers discuss this update with their patients and carefully consider the potential risk of a cybersecurity attack along with the risk of performing a firmware update. Implementation of the firmware update is to be determined based on the physician\u0027s professional judgment and patient management considerations. Pacemakers manufactured beginning August 28, 2017, will have this update preloaded on devices.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "title": "CVE-2017-12716"
    },
    {
      "cve": "CVE-2017-12714",
      "cwe": {
        "id": "CWE-920",
        "name": "Improper Restriction of Power Consumption"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The pacemakers do not restrict or limit the number of correctly formatted RF wake-up commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004"
        ]
      },
      "references": [
        {
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "The pacemaker firmware update will implement RF wake-up protections and limit the commands that can be issued to pacemakers via RF communications. Additionally the updated pacemaker firmware will prevent unencrypted transmission of patient information (Accent and Anthem only). The firmware update can be applied to an implanted pacemaker via the Merlin PCS Programmer by a healthcare provider. It is recommended that healthcare providers discuss this update with their patients and carefully consider the potential risk of a cybersecurity attack along with the risk of performing a firmware update. Implementation of the firmware update is to be determined based on the physician\u0027s professional judgment and patient management considerations. Pacemakers manufactured beginning August 28, 2017, will have this update preloaded on devices.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004"
          ]
        }
      ],
      "title": "CVE-2017-12714"
    }
  ]
}

GSD-2017-12716

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-12716

Aliases

CVE-2017-12716

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-12716",
    "description": "Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.",
    "id": "GSD-2017-12716"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-12716"
      ],
      "details": "Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.",
      "id": "GSD-2017-12716",
      "modified": "2023-12-13T01:21:04.060226Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "DATE_PUBLIC": "2017-08-29T00:00:00",
        "ID": "CVE-2017-12716",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Accent and Anthem",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions of pacemakers manufactured prior to August 28, 2017"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Abbott Laboratories"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Missing encryption of sensitive data CWE-311"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
          },
          {
            "name": "100523",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/100523"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:accent_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f0b.0e.7e",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:accent:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:anthem_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f0b.0e.7e",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:anthem:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:accent_mri_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f10.08.6c",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:accent_mri:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:abbott:accent_st_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "f10.08.6c",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:abbott:accent_st:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2017-12716"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-319"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
            },
            {
              "name": "100523",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/100523"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-10-09T23:23Z",
      "publishedDate": "2018-04-25T13:29Z"
    }
  }
}

FKIE_CVE-2017-12716

Vulnerability from fkie_nvd - Published: 2018-04-25 13:29 - Updated: 2024-11-21 03:10

Severity ?

6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/100523	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/100523	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
abbott	accent_firmware	*
abbott	accent	-
abbott	anthem_firmware	*
abbott	anthem	-
abbott	accent_mri_firmware	*
abbott	accent_mri	-
abbott	accent_st_firmware	*
abbott	accent_st	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abbott:accent_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFF25F4E-CF32-41A5-9AEC-5CF2A1D70732",
              "versionEndExcluding": "f0b.0e.7e",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abbott:accent:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7261AA88-1BD6-4CDF-AFC0-31FD7F52B9E7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abbott:anthem_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6C940D7-5EA3-4D42-8FFE-0C38D2D0065E",
              "versionEndExcluding": "f0b.0e.7e",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abbott:anthem:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B28402F-D4DF-448B-8ED3-676E0B438331",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abbott:accent_mri_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFC7CD6D-57F8-4479-A25C-9B9937FD3793",
              "versionEndExcluding": "f10.08.6c",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abbott:accent_mri:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C752B8AA-8990-43DE-AB8B-57329E1E0AE1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:abbott:accent_st_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CCA1805-9253-4267-ACE9-B9F3BBB1549A",
              "versionEndExcluding": "f10.08.6c",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:abbott:accent_st:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "794620AF-C8D5-4511-B4AF-5E8B4347F558",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."
    },
    {
      "lang": "es",
      "value": "Los marcapasos Accent y Anthem de Abbott Laboratories fabricados antes del 28 de agosto de 2017 transmiten informaci\u00f3n no cifrada del paciente mediante comunicaciones de radiofrecuencia y unidades de monitorizaci\u00f3n dom\u00e9stica. Adem\u00e1s, los marcapasos Accent y Anthem almacenan la informaci\u00f3n opcional del paciente sin cifrar. Puntuaci\u00f3n base de CVSS v3: 3.1, cadena de vector CVSS: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott ha desarrollado una actualizaci\u00f3n de firmware para ayudar a mitigar las vulnerabilidades identificadas."
    }
  ],
  "id": "CVE-2017-12716",
  "lastModified": "2024-11-21T03:10:05.107",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-25T13:29:00.333",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100523"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100523"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-311"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-12716 (GCVE-0-2017-12716)

VAR-201804-0521

GHSA-X247-46RV-347W

CNVD-2017-23899

ICSMA-17-241-01

GSD-2017-12716

FKIE_CVE-2017-12716

Tags

Sightings

Nomenclature