Lucene search

K
cvelistIcscertCVELIST:CVE-2019-18254
HistoryJun 29, 2020 - 1:56 p.m.

CVE-2019-18254

2020-06-2913:56:26
CWE-311
icscert
www.cve.org
4
biotronik
cardiomessenger
data encryption
sensitive information
medical measurement
serial number
physical access

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

29.5%

BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.

CNA Affected

[
  {
    "product": "BIOTRONIK CardioMessenger II-S T-Line, CardioMessenger II-S GSM",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "CardioMessenger II-S T-Line T4APP 2.20, CardioMessenger II-S GSM T4APP 2.20"
      }
    ]
  }
]

AI Score

4.4

Confidence

High

EPSS

0.001

Percentile

29.5%

Related for CVELIST:CVE-2019-18254