CVE-2019-25720

Summary

Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send such malformed packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.

Affected Software

VendorProductVersion RangeStatus
DrägerSC 6002XLSC 6002XLaffected
DrägerSC6802XLSC6802XLaffected
DrägerSC 7000SC 7000affected
DrägerSC8000SC8000affected
DrägerSC90000 XLSC90000 XLaffected

Weaknesses

  • CWE-1286: CWE-1286 Improper Validation of Syntactic Correctness of Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References