29 matches found
EUVD-2024-55607
Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network ca...
CVE-2021-4481 Dräger Protector Software Local Privilege Escalation via Insecure File Permissions
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...
CVE-2021-4481 Dräger Protector Software Local Privilege Escalation via Insecure File Permissions
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...
CVE-2021-4481
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...
CVE-2025-15653 Dräger Zeus IE Anesthesia Workstation USB Interface Privilege Escalation
Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...
CVE-2022-4992 Dräger Infinity M540 VG4.1.1 Spoofed Network Message Handling DoS/Tampering
Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower with VG4.2 partially affected contain a network message handling vulnerability that allows remote attackers to inject spoofed or tampered data and cause denial-of-service condition...
CVE-2021-4478 Dräger CC-Vision Basic and CC-Vision E-Cal Out-of-Bounds Write via Malicious GDT File
Dräger CC-Vision Basic before 7.5.3 and Dräger CC-Vision E-Cal before 7.2.5.0 contain an out-of-bounds write vulnerability when loading .gdt files. A crafted .gdt file can trigger a buffer overflow during file parsing, allowing an attacker to crash the application or execute malicious code on the...
PT-2026-45814
Name of the Vulnerable Software and Affected Versions Dräger CC-Vision Basic versions prior to 7.5.3 Dräger CC-Vision E-Cal versions prior to 7.2.5.0 Description An out-of-bounds write occurs when loading .gdt files. A specially crafted .gdt file can trigger a buffer overflow during file parsing,...
CVE-2019-25718
Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause...
CVE-2021-28112
Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a debug port, leading to remote code execution by an authenticated attacker...
CVE-2021-28111
Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, leading to remote code execution by an authenticated attacker...
EUVD-2021-14813
Malware in sbrugna...
EUVD-2021-14814
Malware in sbrugna...
CVE-2025-2810 Draeger: ICMHelper is vulnerable to use of Hard-coded Cryptographic Key
A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key...
CVE-2025-2810 Draeger: ICMHelper is vulnerable to use of Hard-coded Cryptographic Key
A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key...
CVE-2025-2810
CVE-2025-2810 affects Dräger ICMHelper (client assistance software) up to version 1.4.0.1 and earlier. The root cause is the use of a hard-coded cryptographic key, which can enable a low-privileged local attacker to abuse the affected service and potentially escalate privileges. Public documentat...
CVE-2021-28112
Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a debug port, leading to remote code execution by an authenticated attacker...
CVE-2021-28111
Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, leading to remote code execution by an authenticated attacker...
CVE-2021-28111
Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, leading to remote code execution by an authenticated attacker...
CVE-2021-28112
Draeger X-Dock Firmware before 03.00.13 has Active Debug Code on a debug port, leading to remote code execution by an authenticated attacker...