CVE-2019-18254

Summary

BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.

Affected Software

VendorProductVersion RangeStatus
n/aBIOTRONIK CardioMessenger II-S T-Line, CardioMessenger II-S GSMCardioMessenger II-S T-Line T4APP 2.20, CardioMessenger II-S GSM T4APP 2.20affected

Weaknesses

  • CWE-311: MISSING ENCRYPTION OF SENSITIVE DATA CWE-311

ADP Enrichment

CVE Program Container

Additional References

References