CVE-2024-48970

Nov. 15, 2024, 1:58 p.m.

9.3
Critical

Description

The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure.

Product(s) Impacted

Product Versions
ventilator
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1191
On-Chip Debug and Test Interface With Improper Access Control
The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.

References

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01

Tags

productsecurity@baxter.com
CWE-1191
2024-11-14
CVE-2024-48970

CVSS Score

9.3 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

    View Vector String

Timeline

Published: Nov. 14, 2024, 10:15 p.m.
Last Modified: Nov. 15, 2024, 1:58 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

productsecurity@baxter.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.