Lucene search

K
cveIcscertCVE-2020-27260
HistoryJan 08, 2021 - 4:15 p.m.

CVE-2020-27260

2021-01-0816:15:14
CWE-74
icscert
web.nvd.nist.gov
30
cve-2020-27260
innokas yhtymä oy
vital signs monitor vc150
hl7 v2.x injection
vulnerability
nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

29.0%

Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 HL7 v2.x injection vulnerabilities exist in the affected products that allow physically proximate attackers with a connected barcode reader to inject HL7 v2.x segments into specific HL7 v2.x messages via multiple expected parameters.

Affected configurations

Nvd
Node
innokasmedicalvital_signs_monitor_vc150Match-
AND
innokasmedicalvital_signs_monitor_vc150_firmwareRange<1.7.15

CNA Affected

[
  {
    "product": "BIGCOMPANYSOFT SOFTWARE PRODUCT",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "VC150 prior to Version 1.7.15"
      }
    ]
  }
]

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

29.0%

Related for CVE-2020-27260