ID

VAR-201804-0519


CVE

CVE-2017-12712


TITLE

Abbott Laboratories pacemakers Cryptographic vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-013348

DESCRIPTION

The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

Abbott Laboratories pacemakers contain a cryptographic vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS).

Accent, Anthem, Accent MRI, Assurity, Allure, and Assurity MRI are all implantable medical devices from Abbott Laboratories.

Multiple Abbott pacemakers are prone to the following security vulnerabilities:
1. An authentication-bypass vulnerability
2. An information-disclosure vulnerability
3. A denial-of-service vulnerability

Successful exploits may allow an attacker to gain unauthorized access or bypass intended security restrictions, obtain sensitive information, or cause denial-of-service conditions.

Trust: 2.61

sources: NVD: CVE-2017-12712 // JVNDB: JVNDB-2017-013348 // CNVD: CNVD-2017-23901 // BID: 100523 // IVD: 767a6a23-3eaa-43ab-8a2a-70ff0f71bc14

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.8

sources: IVD: 767a6a23-3eaa-43ab-8a2a-70ff0f71bc14 // CNVD: CNVD-2017-23901

AFFECTED PRODUCTS

vendor: abbott // model: assurity // scope: lt // version: f14.07.80

Trust: 1.0

vendor: abbott // model: accent // scope: lt // version: f0b.0e.7e

Trust: 1.0

vendor: abbott // model: anthem // scope: lt // version: f0b.0e.7e

Trust: 1.0

vendor: abbott // model: accent st // scope: lt // version: f10.08.6c

Trust: 1.0

vendor: abbott // model: assurity mri // scope: lt // version: f17.01.49

Trust: 1.0

vendor: abbott // model: allure // scope: lt // version: f14.07.80

Trust: 1.0

vendor: abbott // model: accent mri // scope: lt // version: f10.08.6c

Trust: 1.0

vendor: abbott // model: accent // scope: - // version: -

Trust: 0.8

vendor: abbott // model: accent mri // scope: - // version: -

Trust: 0.8

vendor: abbott // model: accent st // scope: - // version: -

Trust: 0.8

vendor: abbott // model: allure // scope: - // version: -

Trust: 0.8

vendor: abbott // model: anthem // scope: - // version: -

Trust: 0.8

vendor: abbott // model: assurity // scope: - // version: -

Trust: 0.8

vendor: abbott // model: assurity mri // scope: - // version: -

Trust: 0.8

vendor: abbott // model: laboratories accent <august // scope: eq // version: 282017

Trust: 0.6

vendor: abbott // model: laboratories anthem <august // scope: eq // version: 282017

Trust: 0.6

vendor: abbott // model: laboratories accent mri <august // scope: eq // version: 282017

Trust: 0.6

vendor: abbott // model: laboratories assurity <august // scope: eq // version: 282017

Trust: 0.6

vendor: abbott // model: laboratories allure <august // scope: eq // version: 282017

Trust: 0.6

vendor: abbott // model: laboratories assurity mri <august // scope: eq // version: 282017

Trust: 0.6

vendor: abbott // model: assurity mri // scope: eq // version: 0

Trust: 0.3

vendor: abbott // model: assurity // scope: eq // version: 0

Trust: 0.3

vendor: abbott // model: anthem // scope: eq // version: 0

Trust: 0.3

vendor: abbott // model: allure // scope: eq // version: 0

Trust: 0.3

vendor: abbott // model: accent st // scope: eq // version: 0

Trust: 0.3

vendor: abbott // model: accent mri // scope: eq // version: 0

Trust: 0.3

vendor: abbott // model: accent // scope: eq // version: 0

Trust: 0.3

vendor: abbott // model: assurity mri f17.01.49 // scope: ne // version: -

Trust: 0.3

vendor: abbott // model: assurity f14.07.80 // scope: ne // version: -

Trust: 0.3

vendor: abbott // model: anthem f0b.0e.7e // scope: ne // version: -

Trust: 0.3

vendor: abbott // model: allure f14.07.80 // scope: ne // version: -

Trust: 0.3

vendor: abbott // model: accent st f10.08.6c // scope: ne // version: -

Trust: 0.3

vendor: abbott // model: accent mri f10.08.6c // scope: ne // version: -

Trust: 0.3

vendor: abbott // model: accent f0b.0e.7e // scope: ne // version: -

Trust: 0.3

vendor: accent // model: - // scope: eq // version: *

Trust: 0.2

vendor: anthem // model: - // scope: eq // version: *

Trust: 0.2

vendor: accent mri // model: - // scope: eq // version: *

Trust: 0.2

vendor: accent st // model: - // scope: eq // version: *

Trust: 0.2

vendor: assurity // model: - // scope: eq // version: *

Trust: 0.2

vendor: allure // model: - // scope: eq // version: *

Trust: 0.2

vendor: assurity mri // model: - // scope: eq // version: *

Trust: 0.2

sources: IVD: 767a6a23-3eaa-43ab-8a2a-70ff0f71bc14 // CNVD: CNVD-2017-23901 // BID: 100523 // JVNDB: JVNDB-2017-013348 // NVD: CVE-2017-12712

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12712
value: HIGH

Trust: 1.0

NVD: CVE-2017-12712
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-23901
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201709-084
value: HIGH

Trust: 0.6

IVD: 767a6a23-3eaa-43ab-8a2a-70ff0f71bc14
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2017-12712
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-23901
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 767a6a23-3eaa-43ab-8a2a-70ff0f71bc14
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-12712
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 767a6a23-3eaa-43ab-8a2a-70ff0f71bc14 // CNVD: CNVD-2017-23901 // JVNDB: JVNDB-2017-013348 // CNNVD: CNNVD-201709-084 // NVD: CVE-2017-12712

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.0

problemtype: CWE-310

Trust: 0.8

sources: JVNDB: JVNDB-2017-013348 // NVD: CVE-2017-12712

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201709-084

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201709-084

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013348

PATCH

title: Top Page // url: http://www.abbott.com/

Trust: 0.8

title: Abbott Laboratories' various pacemaker products are not authorized to access vulnerable patches // url: https://www.cnvd.org.cn/patchInfo/show/101204

Trust: 0.6

title: Multiple Abbott Product security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74539

Trust: 0.6

sources: CNVD: CNVD-2017-23901 // JVNDB: JVNDB-2017-013348 // CNNVD: CNNVD-201709-084

EXTERNAL IDS

db: NVD // id: CVE-2017-12712

Trust: 3.5

db: ICS CERT // id: ICSMA-17-241-01

Trust: 3.3

db: BID // id: 100523

Trust: 1.9

db: CNVD // id: CNVD-2017-23901

Trust: 0.8

db: CNNVD // id: CNNVD-201709-084

Trust: 0.8

db: ICS CERT // id: ICSMA-18-107-01

Trust: 0.8

db: JVNDB // id: JVNDB-2017-013348

Trust: 0.8

db: AUSCERT // id: ESB-2017.2157

Trust: 0.3

db: IVD // id: 767A6A23-3EAA-43AB-8A2A-70FF0F71BC14

Trust: 0.2

sources: IVD: 767a6a23-3eaa-43ab-8a2a-70ff0f71bc14 // CNVD: CNVD-2017-23901 // BID: 100523 // JVNDB: JVNDB-2017-013348 // CNNVD: CNNVD-201709-084 // NVD: CVE-2017-12712

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsma-17-241-01

Trust: 3.3

url: http://www.securityfocus.com/bid/100523

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12712

Trust: 0.8

url: https://ics-cert.us-cert.gov/advisories/icsma-18-107-01

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-12712

Trust: 0.8

url: http://www.abbott.com/

Trust: 0.3

url: http://abbott.mediaroom.com/2017-08-29-abbott-issues-new-updates-for-implanted-cardiac-devices

Trust: 0.3

url: https://www.auscert.org.au/bulletins/51662

Trust: 0.3

url: https://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm573669.htm

Trust: 0.3

sources: CNVD: CNVD-2017-23901 // BID: 100523 // JVNDB: JVNDB-2017-013348 // CNNVD: CNNVD-201709-084 // NVD: CVE-2017-12712

CREDITS

MedSec Holdings Ltd

Trust: 0.9

sources: BID: 100523 // CNNVD: CNNVD-201709-084

SOURCES

db: IVD // id: 767a6a23-3eaa-43ab-8a2a-70ff0f71bc14
db: CNVD // id: CNVD-2017-23901
db: BID // id: 100523
db: JVNDB // id: JVNDB-2017-013348
db: CNNVD // id: CNNVD-201709-084
db: NVD // id: CVE-2017-12712

LAST UPDATE DATE

2024-11-23T22:17:36.184000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2017-23901 // date: 2017-08-30T00:00:00
db: BID // id: 100523 // date: 2017-08-29T00:00:00
db: JVNDB // id: JVNDB-2017-013348 // date: 2018-07-04T00:00:00
db: CNNVD // id: CNNVD-201709-084 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2017-12712 // date: 2024-11-21T03:10:04.707

SOURCES RELEASE DATE

db: IVD // id: 767a6a23-3eaa-43ab-8a2a-70ff0f71bc14 // date: 2017-08-30T00:00:00
db: CNVD // id: CNVD-2017-23901 // date: 2017-08-30T00:00:00
db: BID // id: 100523 // date: 2017-08-29T00:00:00
db: JVNDB // id: JVNDB-2017-013348 // date: 2018-06-22T00:00:00
db: CNNVD // id: CNNVD-201709-084 // date: 2017-08-29T00:00:00
db: NVD // id: CVE-2017-12712 // date: 2018-04-25T13:29:00.227