CVE-2021-38392
6.5
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
Summary
A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program an implantable device in any region in the world.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Boston Scientific | ZOOM LATITUDE | Model 3120 | affected |
Weaknesses
- CWE-284: CWE-284 Improper Access Control
Workarounds
Boston Scientific is in the process of transitioning all users to a replacement programmer with enhanced security, the LATITUDE Programming System, Model 3300. Boston Scientific will not issue a product update to address the identified vulnerabilities in the ZOOM LATITUDE Programming System, Model 3120.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.