Lucene search

[email protected]NVD:CVE-2019-18254

HistoryJun 29, 2020 - 2:15 p.m.

CVE-2019-18254

2020-06-2914:15:10

CWE-311

CWE-312

[email protected]

web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

29.6%

JSON

BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.

Affected configurations

NVD

Node

biotronikcardiomessenger_ii-s_gsm_firmwareMatch2.20

AND

biotronikcardiomessenger_ii-s_gsmMatch-

Node

biotronikcardiomessenger_ii-s_t-line_firmwareMatch2.20

AND

biotronikcardiomessenger_ii-s_t-lineMatch-

References

www.us-cert.gov/ics/advisories/icsma-20-170-05

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

29.6%

JSON

Related for NVD:CVE-2019-18254

cve1 cvelist1 prion1 ics1