Sign-up

ID

VAR-202006-0828


CVE

CVE-2019-18246


TITLE

BIOTRONIK CardioMessenger II Authentication vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015749

DESCRIPTION

BIOTRONIK CardioMessenger II, The affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure. BIOTRONIK CardioMessenger II There is an authentication vulnerability in.Information may be obtained. Attackers can use this vulnerability to affect confidentiality. Biotronik CardioMessenger II-S is a portable medical monitoring device of German Biotronik company. It is mainly used to monitor implantable devices such as cardiac pacemakers. Biotronik CardioMessenger II-S T-Line T4APP version 2.20 and II-S GSM T4APP version 2.20 have an authorization issue vulnerability, which originated from the program's failure to perform two-way authentication with the Biotronik Remote Communication device. There is currently no information about this vulnerability, so please pay attention to CNNVD or manufacturer announcements

Trust: 2.7

sources: NVD: CVE-2019-18246 // JVNDB: JVNDB-2019-015749 // CNVD: CNVD-2020-52058 // CNNVD: CNNVD-202006-1221

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-52058

AFFECTED PRODUCTS

vendor:biotronikmodel:cardiomessenger ii-s t-linescope:eqversion:2.20

Trust: 1.0

vendor:biotronikmodel:cardiomessenger ii-s gsmscope:eqversion:2.20

Trust: 1.0

vendor:biotronikmodel:cardiomessenger ii-s gsmscope: - version: -

Trust: 0.8

vendor:biotronikmodel:cardiomessenger ii-s t-linescope: - version: -

Trust: 0.8

vendor:biotronikmodel:cardiomessenger ii-s t-line t4appscope:eqversion:2.20

Trust: 0.6

vendor:biotronikmodel:cardiomessenger ii-s gsm t4appscope:eqversion:2.20

Trust: 0.6

sources: CNVD: CNVD-2020-52058 // JVNDB: JVNDB-2019-015749 // NVD: CVE-2019-18246

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18246
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015749
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-52058
value: LOW

Trust: 0.6

CNNVD: CNNVD-202006-1221
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-18246
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015749
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-52058
severity: LOW
baseScore: 2.7
vectorString: AV:A/AC:L/AU:S/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 5.1
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-18246
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015749
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-52058 // JVNDB: JVNDB-2019-015749 // CNNVD: CNNVD-202006-1221 // NVD: CVE-2019-18246

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2019-015749 // NVD: CVE-2019-18246

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1221

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202006-1221

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-015749

PATCH
title:Top Pageurl:https://www.biotronik.com/en-de
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-015749

EXTERNAL IDS
db:ICS CERTid:ICSMA-20-170-05
Trust: 3.0
db:NVDid:CVE-2019-18246
Trust: 3.0
db:JVNid:JVNVU97042917
Trust: 0.8
db:JVNDBid:JVNDB-2019-015749
Trust: 0.8
db:CNVDid:CNVD-2020-52058
Trust: 0.6
db:NSFOCUSid:47654
Trust: 0.6
db:AUSCERTid:ESB-2020.2144
Trust: 0.6
db:CNNVDid:CNNVD-202006-1221
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-52058 // 
            
            
            
            JVNDB: JVNDB-2019-015749 // 
            
            
            
            CNNVD: CNNVD-202006-1221 // 
            
            
            
            NVD: CVE-2019-18246

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsma-20-170-05
Trust: 2.2
url:https://nvd.nist.gov/vuln/detail/cve-2019-18246
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18246
Trust: 0.8
url:https://us-cert.cisa.gov/ics/advisories/icsma-20-170-05
Trust: 0.8
url:https://jvn.jp/vu/jvnvu97042917/index.html
Trust: 0.8
url:http://www.nsfocus.net/vulndb/47654
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2020.2144/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2020-52058 // 
            
            
            
            JVNDB: JVNDB-2019-015749 // 
            
            
            
            CNNVD: CNNVD-202006-1221 // 
            
            
            
            NVD: CVE-2019-18246

CREDITS
Guillaume Bour,Marie Moe,Anniken Wium Lie
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-202006-1221

SOURCES
db:CNVDid:CNVD-2020-52058
db:JVNDBid:JVNDB-2019-015749
db:CNNVDid:CNNVD-202006-1221
db:NVDid:CVE-2019-18246

LAST UPDATE DATE
2024-11-23T22:29:36.123000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2020-52058date:2020-09-15T00:00:00
db:JVNDBid:JVNDB-2019-015749date:2020-08-14T00:00:00
db:CNNVDid:CNNVD-202006-1221date:2021-04-07T00:00:00
db:NVDid:CVE-2019-18246date:2024-11-21T04:32:54.823

SOURCES RELEASE DATE
db:CNVDid:CNVD-2020-52058date:2020-09-15T00:00:00
db:JVNDBid:JVNDB-2019-015749date:2020-08-14T00:00:00
db:CNNVDid:CNNVD-202006-1221date:2020-06-18T00:00:00
db:NVDid:CVE-2019-18246date:2020-06-29T14:15:10.210