CVE-2021-38392

Summary

A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program an implantable device in any region in the world.

Affected Software

VendorProductVersion RangeStatus
Boston ScientificZOOM LATITUDEModel 3120affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

Workarounds

Boston Scientific is in the process of transitioning all users to a replacement programmer with enhanced security, the LATITUDE Programming System, Model 3300. Boston Scientific will not issue a product update to address the identified vulnerabilities in the ZOOM LATITUDE Programming System, Model 3120.

ADP Enrichment

CVE Program Container

Additional References

References