CVE-2017-12716

Published Apr 25, 2018

Last updated 5 months ago

CVSS medium 6.5

Overview

Description: Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 3.3
Impact score: 2.9
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

ics-cert@hq.dhs.gov: CWE-311
nvd@nist.gov: CWE-319

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:abbott:accent_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFF25F4E-CF32-41A5-9AEC-5CF2A1D70732",
            "versionEndExcluding": "f0b.0e.7e"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:abbott:accent:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7261AA88-1BD6-4CDF-AFC0-31FD7F52B9E7"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:abbott:anthem_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6C940D7-5EA3-4D42-8FFE-0C38D2D0065E",
            "versionEndExcluding": "f0b.0e.7e"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:abbott:anthem:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4B28402F-D4DF-448B-8ED3-676E0B438331"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:abbott:accent_mri_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFC7CD6D-57F8-4479-A25C-9B9937FD3793",
            "versionEndExcluding": "f10.08.6c"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:abbott:accent_mri:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C752B8AA-8990-43DE-AB8B-57329E1E0AE1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:abbott:accent_st_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CCA1805-9253-4267-ACE9-B9F3BBB1549A",
            "versionEndExcluding": "f10.08.6c"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:abbott:accent_st:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "794620AF-C8D5-4511-B4AF-5E8B4347F558"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References