VAR-202006-0828
Vulnerability from variot - Updated: 2023-12-18 13:28BIOTRONIK CardioMessenger II, The affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure. BIOTRONIK CardioMessenger II There is an authentication vulnerability in.Information may be obtained. Attackers can use this vulnerability to affect confidentiality. Biotronik CardioMessenger II-S is a portable medical monitoring device of German Biotronik company. It is mainly used to monitor implantable devices such as cardiac pacemakers. Biotronik CardioMessenger II-S T-Line T4APP version 2.20 and II-S GSM T4APP version 2.20 have an authorization issue vulnerability, which originated from the program's failure to perform two-way authentication with the Biotronik Remote Communication device. There is currently no information about this vulnerability, so please pay attention to CNNVD or manufacturer announcements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202006-0828",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cardiomessenger ii-s t-line",
"scope": "eq",
"trust": 1.0,
"vendor": "biotronik",
"version": "2.20"
},
{
"model": "cardiomessenger ii-s gsm",
"scope": "eq",
"trust": 1.0,
"vendor": "biotronik",
"version": "2.20"
},
{
"model": "cardiomessenger ii-s gsm",
"scope": null,
"trust": 0.8,
"vendor": "biotronik",
"version": null
},
{
"model": "cardiomessenger ii-s t-line",
"scope": null,
"trust": 0.8,
"vendor": "biotronik",
"version": null
},
{
"model": "cardiomessenger ii-s t-line t4app",
"scope": "eq",
"trust": 0.6,
"vendor": "biotronik",
"version": "2.20"
},
{
"model": "cardiomessenger ii-s gsm t4app",
"scope": "eq",
"trust": 0.6,
"vendor": "biotronik",
"version": "2.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52058"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015749"
},
{
"db": "NVD",
"id": "CVE-2019-18246"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:biotronik:cardiomessenger_ii-s_gsm_firmware:2.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:biotronik:cardiomessenger_ii-s_gsm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:biotronik:cardiomessenger_ii-s_t-line_firmware:2.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:biotronik:cardiomessenger_ii-s_t-line:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18246"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Guillaume Bour,Marie Moe,Anniken Wium Lie",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1221"
}
],
"trust": 0.6
},
"cve": "CVE-2019-18246",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-015749",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CNVD-2020-52058",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-015749",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-18246",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-015749",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-52058",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202006-1221",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52058"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015749"
},
{
"db": "NVD",
"id": "CVE-2019-18246"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1221"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BIOTRONIK CardioMessenger II, The affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure. BIOTRONIK CardioMessenger II There is an authentication vulnerability in.Information may be obtained. Attackers can use this vulnerability to affect confidentiality. Biotronik CardioMessenger II-S is a portable medical monitoring device of German Biotronik company. It is mainly used to monitor implantable devices such as cardiac pacemakers. \nBiotronik CardioMessenger II-S T-Line T4APP version 2.20 and II-S GSM T4APP version 2.20 have an authorization issue vulnerability, which originated from the program\u0027s failure to perform two-way authentication with the Biotronik Remote Communication device. There is currently no information about this vulnerability, so please pay attention to CNNVD or manufacturer announcements",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18246"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015749"
},
{
"db": "CNVD",
"id": "CNVD-2020-52058"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1221"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSMA-20-170-05",
"trust": 3.0
},
{
"db": "NVD",
"id": "CVE-2019-18246",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVNVU97042917",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015749",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-52058",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47654",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.2144",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1221",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52058"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015749"
},
{
"db": "NVD",
"id": "CVE-2019-18246"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1221"
}
]
},
"id": "VAR-202006-0828",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52058"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52058"
}
]
},
"last_update_date": "2023-12-18T13:28:06.879000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.biotronik.com/en-de"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015749"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015749"
},
{
"db": "NVD",
"id": "CVE-2019-18246"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-170-05"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18246"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18246"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-170-05"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu97042917/index.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47654"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2144/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-52058"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015749"
},
{
"db": "NVD",
"id": "CVE-2019-18246"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1221"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-52058"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-015749"
},
{
"db": "NVD",
"id": "CVE-2019-18246"
},
{
"db": "CNNVD",
"id": "CNNVD-202006-1221"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52058"
},
{
"date": "2020-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015749"
},
{
"date": "2020-06-29T14:15:10.210000",
"db": "NVD",
"id": "CVE-2019-18246"
},
{
"date": "2020-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1221"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-52058"
},
{
"date": "2020-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-015749"
},
{
"date": "2021-04-06T17:16:14.323000",
"db": "NVD",
"id": "CVE-2019-18246"
},
{
"date": "2021-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202006-1221"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1221"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BIOTRONIK CardioMessenger II Authentication vulnerabilities in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-015749"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202006-1221"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…