CVE-2017-12714 Information

Description

Abbott Laboratories pacemakers manufactured prior to Aug 28 2017 do not restrict or limit the number of correctly formatted \RF wake-up\ commands that can be received which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3 CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

http://www.securityfocus.com/bid/100523 https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

6.5