ID
VAR-201804-0520
CVE
CVE-2017-12714
TITLE
Abbott Laboratories pacemakers Access control vulnerability
Trust: 0.8
DESCRIPTION
Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities. Abbott Laboratories pacemakers Contains an access control vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Accent, Anthem, Accent MRI, Assurity, Allure, and Assurity MRI are all implantable medical devices from Abbott Laboratories. Battery life. Multiple Abbott Pacemakers are prone to the following multiple security vulnerabilities: 1. An authentication-bypass vulnerability 2. An information-disclosure vulnerability 3. A Denial-of-Service vulnerability Successful exploits may allow an attacker to gain unauthorized access or bypass intended security restrictions, obtain sensitive information or cause denial-of-service conditions
Trust: 2.61
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.8 |
AFFECTED PRODUCTS
| vendor: | abbott | model: | assurity | scope: | lt | version: | f14.07.80 | Trust: 1.0 |
| vendor: | abbott | model: | accent | scope: | lt | version: | f0b.0e.7e | Trust: 1.0 |
| vendor: | abbott | model: | anthem | scope: | lt | version: | f0b.0e.7e | Trust: 1.0 |
| vendor: | abbott | model: | accent st | scope: | lt | version: | f10.08.6c | Trust: 1.0 |
| vendor: | abbott | model: | assurity mri | scope: | lt | version: | f17.01.49 | Trust: 1.0 |
| vendor: | abbott | model: | allure | scope: | lt | version: | f14.07.80 | Trust: 1.0 |
| vendor: | abbott | model: | accent mri | scope: | lt | version: | f10.08.6c | Trust: 1.0 |
| vendor: | abbott | model: | accent | scope: | - | version: | - | Trust: 0.8 |
| vendor: | abbott | model: | accent mri | scope: | - | version: | - | Trust: 0.8 |
| vendor: | abbott | model: | accent st | scope: | - | version: | - | Trust: 0.8 |
| vendor: | abbott | model: | allure | scope: | - | version: | - | Trust: 0.8 |
| vendor: | abbott | model: | anthem | scope: | - | version: | - | Trust: 0.8 |
| vendor: | abbott | model: | assurity | scope: | - | version: | - | Trust: 0.8 |
| vendor: | abbott | model: | assurity mri | scope: | - | version: | - | Trust: 0.8 |
| vendor: | abbott | model: | laboratories accent <august | scope: | eq | version: | 282017 | Trust: 0.6 |
| vendor: | abbott | model: | laboratories anthem <august | scope: | eq | version: | 282017 | Trust: 0.6 |
| vendor: | abbott | model: | laboratories accent mri <august | scope: | eq | version: | 282017 | Trust: 0.6 |
| vendor: | abbott | model: | laboratories assurity <august | scope: | eq | version: | 282017 | Trust: 0.6 |
| vendor: | abbott | model: | laboratories allure <august | scope: | eq | version: | 282017 | Trust: 0.6 |
| vendor: | abbott | model: | laboratories assurity mri <august | scope: | eq | version: | 282017 | Trust: 0.6 |
| vendor: | abbott | model: | assurity mri | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | abbott | model: | assurity | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | abbott | model: | anthem | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | abbott | model: | allure | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | abbott | model: | accent st | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | abbott | model: | accent mri | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | abbott | model: | accent | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | abbott | model: | assurity mri f17.01.49 | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | abbott | model: | assurity f14.07.80 | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | abbott | model: | anthem f0b.0e.7e | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | abbott | model: | allure f14.07.80 | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | abbott | model: | accent st f10.08.6c | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | abbott | model: | accent mri f10.08.6c | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | abbott | model: | accent f0b.0e.7e | scope: | ne | version: | - | Trust: 0.3 |
| vendor: | accent | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | anthem | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | accent mri | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | accent st | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | assurity | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | allure | model: | - | scope: | eq | version: | * | Trust: 0.2 |
| vendor: | assurity mri | model: | - | scope: | eq | version: | * | Trust: 0.2 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-920 | Trust: 1.0 |
| problemtype: | CWE-284 | Trust: 0.8 |
THREAT TYPE
remote or local
Trust: 0.6
TYPE
lack of information
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | Top Page | url: | http://www.abbott.com/ | Trust: 0.8 |
| title: | Abbott Laboratories Patches for Multiple Pacemaker Product Access Limiting Vulnerabilities | url: | https://www.cnvd.org.cn/patchInfo/show/101203 | Trust: 0.6 |
| title: | Multiple Abbott Product security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74540 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-12714 | Trust: 3.5 |
| db: | ICS CERT | id: | ICSMA-17-241-01 | Trust: 3.3 |
| db: | BID | id: | 100523 | Trust: 1.9 |
| db: | CNVD | id: | CNVD-2017-23900 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201709-085 | Trust: 0.8 |
| db: | ICS CERT | id: | ICSMA-18-107-01 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2017-013349 | Trust: 0.8 |
| db: | AUSCERT | id: | ESB-2017.2157 | Trust: 0.3 |
| db: | IVD | id: | CB95B3A8-887C-44B0-B1F4-C00D35D478D6 | Trust: 0.2 |
REFERENCES
| url: | https://ics-cert.us-cert.gov/advisories/icsma-17-241-01 | Trust: 3.3 |
| url: | http://www.securityfocus.com/bid/100523 | Trust: 1.6 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12714 | Trust: 0.8 |
| url: | https://ics-cert.us-cert.gov/advisories/icsma-18-107-01 | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-12714 | Trust: 0.8 |
| url: | http://www.abbott.com/ | Trust: 0.3 |
| url: | http://abbott.mediaroom.com/2017-08-29-abbott-issues-new-updates-for-implanted-cardiac-devices | Trust: 0.3 |
| url: | https://www.auscert.org.au/bulletins/51662 | Trust: 0.3 |
| url: | https://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm573669.htm | Trust: 0.3 |
CREDITS
MedSec Holdings Ltd
Trust: 0.9
SOURCES
| db: | IVD | id: | cb95b3a8-887c-44b0-b1f4-c00d35d478d6 |
| db: | CNVD | id: | CNVD-2017-23900 |
| db: | BID | id: | 100523 |
| db: | JVNDB | id: | JVNDB-2017-013349 |
| db: | CNNVD | id: | CNNVD-201709-085 |
| db: | NVD | id: | CVE-2017-12714 |
LAST UPDATE DATE
2024-11-23T22:17:36.258000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-23900 | date: | 2017-08-30T00:00:00 |
| db: | BID | id: | 100523 | date: | 2017-08-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-013349 | date: | 2018-07-04T00:00:00 |
| db: | CNNVD | id: | CNNVD-201709-085 | date: | 2019-10-17T00:00:00 |
| db: | NVD | id: | CVE-2017-12714 | date: | 2024-11-21T03:10:04.977 |
SOURCES RELEASE DATE
| db: | IVD | id: | cb95b3a8-887c-44b0-b1f4-c00d35d478d6 | date: | 2017-08-30T00:00:00 |
| db: | CNVD | id: | CNVD-2017-23900 | date: | 2017-08-30T00:00:00 |
| db: | BID | id: | 100523 | date: | 2017-08-29T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-013349 | date: | 2018-06-22T00:00:00 |
| db: | CNNVD | id: | CNNVD-201709-085 | date: | 2017-08-29T00:00:00 |
| db: | NVD | id: | CVE-2017-12714 | date: | 2018-04-25T13:29:00.287 |