ID

VAR-201804-0521


CVE

CVE-2017-12716


TITLE

Abbott Laboratories pacemakers vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-013350

DESCRIPTION

Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities. Abbott Laboratories pacemakers contain an information disclosure vulnerability. Information may be obtained. Accent, Anthem, Accent MRI, Assurity, Allure, and Assurity MRI are all implantable medical devices from Abbott Laboratories. Multiple Abbott pacemakers are prone to the following security vulnerabilities: 1. An authentication-bypass vulnerability; 2. An information-disclosure vulnerability; 3. A denial-of-service vulnerability. Successful exploits may allow an attacker to gain unauthorized access or bypass intended security restrictions, obtain sensitive information, or cause denial-of-service conditions.

Trust: 2.61

sources: NVD: CVE-2017-12716 // JVNDB: JVNDB-2017-013350 // CNVD: CNVD-2017-23899 // BID: 100523 // IVD: 1f40774e-70db-4d0b-92b4-a4c00c1e8ce5

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 1f40774e-70db-4d0b-92b4-a4c00c1e8ce5 // CNVD: CNVD-2017-23899

AFFECTED PRODUCTS

vendor: abbott, model: accent mri, scope: lt, version: f10.08.6c

Trust: 1.0

vendor: abbott, model: accent, scope: lt, version: f0b.0e.7e

Trust: 1.0

vendor: abbott, model: anthem, scope: lt, version: f0b.0e.7e

Trust: 1.0

vendor: abbott, model: accent st, scope: lt, version: f10.08.6c

Trust: 1.0

vendor: abbott, model: accent, scope: -, version: -

Trust: 0.8

vendor: abbott, model: accent mri, scope: -, version: -

Trust: 0.8

vendor: abbott, model: accent st, scope: -, version: -

Trust: 0.8

vendor: abbott, model: anthem, scope: -, version: -

Trust: 0.8

vendor: abbott, model: laboratories accent <august, scope: eq, version: 282017

Trust: 0.6

vendor: abbott, model: laboratories anthem <august, scope: eq, version: 282017

Trust: 0.6

vendor: abbott, model: laboratories accent mri <august, scope: eq, version: 282017

Trust: 0.6

vendor: abbott, model: laboratories assurity mri <august, scope: eq, version: 282017

Trust: 0.6

vendor: abbott, model: assurity mri, scope: eq, version: 0

Trust: 0.3

vendor: abbott, model: assurity, scope: eq, version: 0

Trust: 0.3

vendor: abbott, model: anthem, scope: eq, version: 0

Trust: 0.3

vendor: abbott, model: allure, scope: eq, version: 0

Trust: 0.3

vendor: abbott, model: accent st, scope: eq, version: 0

Trust: 0.3

vendor: abbott, model: accent mri, scope: eq, version: 0

Trust: 0.3

vendor: abbott, model: accent, scope: eq, version: 0

Trust: 0.3

vendor: abbott, model: assurity mri f17.01.49, scope: ne, version: -

Trust: 0.3

vendor: abbott, model: assurity f14.07.80, scope: ne, version: -

Trust: 0.3

vendor: abbott, model: anthem f0b.0e.7e, scope: ne, version: -

Trust: 0.3

vendor: abbott, model: allure f14.07.80, scope: ne, version: -

Trust: 0.3

vendor: abbott, model: accent st f10.08.6c, scope: ne, version: -

Trust: 0.3

vendor: abbott, model: accent mri f10.08.6c, scope: ne, version: -

Trust: 0.3

vendor: abbott, model: accent f0b.0e.7e, scope: ne, version: -

Trust: 0.3

vendor: accent, model: -, scope: eq, version: *

Trust: 0.2

vendor: anthem, model: -, scope: eq, version: *

Trust: 0.2

vendor: accent mri, model: -, scope: eq, version: *

Trust: 0.2

vendor: accent st, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 1f40774e-70db-4d0b-92b4-a4c00c1e8ce5 // CNVD: CNVD-2017-23899 // BID: 100523 // JVNDB: JVNDB-2017-013350 // NVD: CVE-2017-12716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-12716
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-12716
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-23899
value: LOW

Trust: 0.6

CNNVD: CNNVD-201709-086
value: MEDIUM

Trust: 0.6

IVD: 1f40774e-70db-4d0b-92b4-a4c00c1e8ce5
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2017-12716
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-23899
severity: LOW
baseScore: 1.8
vectorString: AV:A/AC:H/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.2
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 1f40774e-70db-4d0b-92b4-a4c00c1e8ce5
severity: LOW
baseScore: 1.8
vectorString: AV:A/AC:H/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.2
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2017-12716
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: IVD: 1f40774e-70db-4d0b-92b4-a4c00c1e8ce5 // CNVD: CNVD-2017-23899 // JVNDB: JVNDB-2017-013350 // CNNVD: CNNVD-201709-086 // NVD: CVE-2017-12716

PROBLEMTYPE DATA

problemtype:CWE-311

Trust: 1.0

problemtype:CWE-319

Trust: 1.0

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2017-013350 // NVD: CVE-2017-12716

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201709-086

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201709-086

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013350

PATCH

title: Top Page, url: http://www.abbott.com/

Trust: 0.8

title: Abbott Laboratories Patches for Errors in Encrypting Sensitive Data Vulnerabilities, url: https://www.cnvd.org.cn/patchInfo/show/101202

Trust: 0.6

title: Multiple Abbott Product information disclosure vulnerability repair measures, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74541

Trust: 0.6

sources: CNVD: CNVD-2017-23899 // JVNDB: JVNDB-2017-013350 // CNNVD: CNNVD-201709-086

EXTERNAL IDS

db: NVD, id: CVE-2017-12716

Trust: 3.5

db: ICS CERT, id: ICSMA-17-241-01

Trust: 3.3

db: BID, id: 100523

Trust: 1.9

db: CNVD, id: CNVD-2017-23899

Trust: 0.8

db: CNNVD, id: CNNVD-201709-086

Trust: 0.8

db: JVNDB, id: JVNDB-2017-013350

Trust: 0.8

db: AUSCERT, id: ESB-2017.2157

Trust: 0.3

db: IVD, id: 1F40774E-70DB-4D0B-92B4-A4C00C1E8CE5

Trust: 0.2

sources: IVD: 1f40774e-70db-4d0b-92b4-a4c00c1e8ce5 // CNVD: CNVD-2017-23899 // BID: 100523 // JVNDB: JVNDB-2017-013350 // CNNVD: CNNVD-201709-086 // NVD: CVE-2017-12716

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsma-17-241-01

Trust: 3.3

url:http://www.securityfocus.com/bid/100523

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12716

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-12716

Trust: 0.8

url:http://www.abbott.com/

Trust: 0.3

url:http://abbott.mediaroom.com/2017-08-29-abbott-issues-new-updates-for-implanted-cardiac-devices

Trust: 0.3

url:https://www.auscert.org.au/bulletins/51662

Trust: 0.3

url:https://www.fda.gov/medicaldevices/safety/alertsandnotices/ucm573669.htm

Trust: 0.3

sources: CNVD: CNVD-2017-23899 // BID: 100523 // JVNDB: JVNDB-2017-013350 // CNNVD: CNNVD-201709-086 // NVD: CVE-2017-12716

CREDITS

MedSec Holdings Ltd

Trust: 0.9

sources: BID: 100523 // CNNVD: CNNVD-201709-086

SOURCES

db: IVD, id: 1f40774e-70db-4d0b-92b4-a4c00c1e8ce5
db: CNVD, id: CNVD-2017-23899
db: BID, id: 100523
db: JVNDB, id: JVNDB-2017-013350
db: CNNVD, id: CNNVD-201709-086
db: NVD, id: CVE-2017-12716

LAST UPDATE DATE

2024-11-23T22:17:36.221000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-23899, date: 2017-08-30T00:00:00
db: BID, id: 100523, date: 2017-08-29T00:00:00
db: JVNDB, id: JVNDB-2017-013350, date: 2018-06-22T00:00:00
db: CNNVD, id: CNNVD-201709-086, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-12716, date: 2024-11-21T03:10:05.107

SOURCES RELEASE DATE

db: IVD, id: 1f40774e-70db-4d0b-92b4-a4c00c1e8ce5, date: 2017-08-30T00:00:00
db: CNVD, id: CNVD-2017-23899, date: 2017-08-30T00:00:00
db: BID, id: 100523, date: 2017-08-29T00:00:00
db: JVNDB, id: JVNDB-2017-013350, date: 2018-06-22T00:00:00
db: CNNVD, id: CNNVD-201709-086, date: 2017-08-29T00:00:00
db: NVD, id: CVE-2017-12716, date: 2018-04-25T13:29:00.333