Details of VAR-201804-0519

ID

VAR-201804-0519

CVE

CVE-2017-12712

TITLE

Abbott Laboratories pacemakers Cryptographic vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-013348

DESCRIPTION

The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities. Abbott Laboratories pacemakers Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Accent, Anthem, Accent MRI, Assurity, Allure, and Assurity MRI are all implantable medical devices from Abbott Laboratories. Authorized order. Multiple Abbott Pacemakers are prone to the following multiple security vulnerabilities: 1. An authentication-bypass vulnerability 2. An information-disclosure vulnerability 3. A Denial-of-Service vulnerability Successful exploits may allow an attacker to gain unauthorized access or bypass intended security restrictions, obtain sensitive information or cause denial-of-service conditions

Trust: 2.61

sources: NVD: CVE-2017-12712 // JVNDB: JVNDB-2017-013348 // CNVD: CNVD-2017-23901 // BID: 100523 // IVD: 767a6a23-3eaa-43ab-8a2a-70ff0f71bc14

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 767a6a23-3eaa-43ab-8a2a-70ff0f71bc14 // CNVD: CNVD-2017-23901

AFFECTED PRODUCTS

vendor:	abbott	model:	assurity	scope:	lt	version:	f14.07.80	Trust: 1.0
vendor:	abbott	model:	accent	scope:	lt	version:	f0b.0e.7e	Trust: 1.0
vendor:	abbott	model:	anthem	scope:	lt	version:	f0b.0e.7e	Trust: 1.0
vendor:	abbott	model:	accent st	scope:	lt	version:	f10.08.6c	Trust: 1.0
vendor:	abbott	model:	assurity mri	scope:	lt	version:	f17.01.49	Trust: 1.0
vendor:	abbott	model:	allure	scope:	lt	version:	f14.07.80	Trust: 1.0
vendor:	abbott	model:	accent mri	scope:	lt	version:	f10.08.6c	Trust: 1.0
vendor:	abbott	model:	accent	scope:	-	version:	-	Trust: 0.8
vendor:	abbott	model:	accent mri	scope:	-	version:	-	Trust: 0.8
vendor:	abbott	model:	accent st	scope:	-	version:	-	Trust: 0.8
vendor:	abbott	model:	allure	scope:	-	version:	-	Trust: 0.8
vendor:	abbott	model:	anthem	scope:	-	version:	-	Trust: 0.8
vendor:	abbott	model:	assurity	scope:	-	version:	-	Trust: 0.8
vendor:	abbott	model:	assurity mri	scope:	-	version:	-	Trust: 0.8
vendor:	abbott	model:	laboratories accent <august	scope:	eq	version:	282017	Trust: 0.6
vendor:	abbott	model:	laboratories anthem <august	scope:	eq	version:	282017	Trust: 0.6
vendor:	abbott	model:	laboratories accent mri <august	scope:	eq	version:	282017	Trust: 0.6
vendor:	abbott	model:	laboratories assurity <august	scope:	eq	version:	282017	Trust: 0.6
vendor:	abbott	model:	laboratories allure <august	scope:	eq	version:	282017	Trust: 0.6
vendor:	abbott	model:	laboratories assurity mri <august	scope:	eq	version:	282017	Trust: 0.6
vendor:	abbott	model:	assurity mri	scope:	eq	version:	0	Trust: 0.3
vendor:	abbott	model:	assurity	scope:	eq	version:	0	Trust: 0.3
vendor:	abbott	model:	anthem	scope:	eq	version:	0	Trust: 0.3
vendor:	abbott	model:	allure	scope:	eq	version:	0	Trust: 0.3
vendor:	abbott	model:	accent st	scope:	eq	version:	0	Trust: 0.3
vendor:	abbott	model:	accent mri	scope:	eq	version:	0	Trust: 0.3
vendor:	abbott	model:	accent	scope:	eq	version:	0	Trust: 0.3
vendor:	abbott	model:	assurity mri f17.01.49	scope:	ne	version:	-	Trust: 0.3
vendor:	abbott	model:	assurity f14.07.80	scope:	ne	version:	-	Trust: 0.3
vendor:	abbott	model:	anthem f0b.0e.7e	scope:	ne	version:	-	Trust: 0.3
vendor:	abbott	model:	allure f14.07.80	scope:	ne	version:	-	Trust: 0.3
vendor:	abbott	model:	accent st f10.08.6c	scope:	ne	version:	-	Trust: 0.3
vendor:	abbott	model:	accent mri f10.08.6c	scope:	ne	version:	-	Trust: 0.3
vendor:	abbott	model:	accent f0b.0e.7e	scope:	ne	version:	-	Trust: 0.3
vendor:	accent	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	anthem	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	accent mri	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	accent st	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	assurity	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	allure	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	assurity mri	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 767a6a23-3eaa-43ab-8a2a-70ff0f71bc14 // CNVD: CNVD-2017-23901 // BID: 100523 // JVNDB: JVNDB-2017-013348 // NVD: CVE-2017-12712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12712
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-12712
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-23901
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201709-084
value:	HIGH
Trust: 0.6
IVD:	767a6a23-3eaa-43ab-8a2a-70ff0f71bc14
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2017-12712
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-23901
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	767a6a23-3eaa-43ab-8a2a-70ff0f71bc14
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-12712
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: 767a6a23-3eaa-43ab-8a2a-70ff0f71bc14 // CNVD: CNVD-2017-23901 // JVNDB: JVNDB-2017-013348 // CNNVD: CNNVD-201709-084 // NVD: CVE-2017-12712

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	CWE-310	Trust: 0.8

sources: JVNDB: JVNDB-2017-013348 // NVD: CVE-2017-12712

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201709-084

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201709-084

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013348

PATCH

title:	Top Page	url:	http://www.abbott.com/	Trust: 0.8
title:	Abbott Laboratories' various pacemaker products are not authorized to access vulnerable patches	url:	https://www.cnvd.org.cn/patchInfo/show/101204	Trust: 0.6
title:	Multiple Abbott Product security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74539	Trust: 0.6

sources: CNVD: CNVD-2017-23901 // JVNDB: JVNDB-2017-013348 // CNNVD: CNNVD-201709-084

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12712	Trust: 3.5
db:	ICS CERT	id:	ICSMA-17-241-01	Trust: 3.3
db:	BID	id:	100523	Trust: 1.9
db:	CNVD	id:	CNVD-2017-23901	Trust: 0.8
db:	CNNVD	id:	CNNVD-201709-084	Trust: 0.8
db:	ICS CERT	id:	ICSMA-18-107-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-013348	Trust: 0.8
db:	AUSCERT	id:	ESB-2017.2157	Trust: 0.3
db:	IVD	id:	767A6A23-3EAA-43AB-8A2A-70FF0F71BC14	Trust: 0.2

sources: IVD: 767a6a23-3eaa-43ab-8a2a-70ff0f71bc14 // CNVD: CNVD-2017-23901 // BID: 100523 // JVNDB: JVNDB-2017-013348 // CNNVD: CNNVD-201709-084 // NVD: CVE-2017-12712

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsma-17-241-01	Trust: 3.3
url:	http://www.securityfocus.com/bid/100523	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12712	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsma-18-107-01	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12712	Trust: 0.8
url:	http://www.abbott.com/	Trust: 0.3
url:	http://abbott.mediaroom.com/2017-08-29-abbott-issues-new-updates-for-implanted-cardiac-devices	Trust: 0.3
url:	https://www.auscert.org.au/bulletins/51662	Trust: 0.3
url:	https://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm573669.htm	Trust: 0.3

sources: CNVD: CNVD-2017-23901 // BID: 100523 // JVNDB: JVNDB-2017-013348 // CNNVD: CNNVD-201709-084 // NVD: CVE-2017-12712

CREDITS

MedSec Holdings Ltd

Trust: 0.9

sources: BID: 100523 // CNNVD: CNNVD-201709-084

SOURCES

db:	IVD	id:	767a6a23-3eaa-43ab-8a2a-70ff0f71bc14
db:	CNVD	id:	CNVD-2017-23901
db:	BID	id:	100523
db:	JVNDB	id:	JVNDB-2017-013348
db:	CNNVD	id:	CNNVD-201709-084
db:	NVD	id:	CVE-2017-12712

LAST UPDATE DATE

2024-11-23T22:17:36.184000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-23901	date:	2017-08-30T00:00:00
db:	BID	id:	100523	date:	2017-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-013348	date:	2018-07-04T00:00:00
db:	CNNVD	id:	CNNVD-201709-084	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-12712	date:	2024-11-21T03:10:04.707

SOURCES RELEASE DATE

db:	IVD	id:	767a6a23-3eaa-43ab-8a2a-70ff0f71bc14	date:	2017-08-30T00:00:00
db:	CNVD	id:	CNVD-2017-23901	date:	2017-08-30T00:00:00
db:	BID	id:	100523	date:	2017-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-013348	date:	2018-06-22T00:00:00
db:	CNNVD	id:	CNNVD-201709-084	date:	2017-08-29T00:00:00
db:	NVD	id:	CVE-2017-12712	date:	2018-04-25T13:29:00.227