Medical Device Cybersecurity Intelligence

Real-time alerts from FDA Safety Communications, CISA Known Exploited Vulnerabilities, and NIST NVD — filtered for life-critical medical devices.

42 Critical
22 High
0 Medium
64 Total

Last updated: 2026-05-17 17:34 UTC

CRITICAL ⚕ LIFE CRITICAL NVD CVSS 9.8

CVE-2014-5432 — Infusion Pump Vulnerability

infusion pump

Baxter SIGMA Spectrum Infusion System version 6.05 (model 35700BAX) with wireless battery module (WBM) version 16 is remotely accessible via Port 22/SSH without authentication. A remote attacker may be able to make unauthorized configuration changes to the WBM, as well as issue c…

CRITICAL ⚕ LIFE CRITICAL NVD CVSS 9.8

CVE-2015-3954 — Infusion Pump Vulnerability

infusion pump

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior give unauthenticated users root privileges on Port 23/TELNET by default. An unauthorized user could issue commands to the pu…

CRITICAL ⚕ LIFE CRITICAL NVD CVSS 9.8

CVE-2015-3956 — Infusion Pump Vulnerability

infusion pump

Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and prior, and Symbiq Infusion System, version 3.13 and prior accept drug libraries, firmware updates, pump commands, and unauthorized configuration changes from unauthenticated devices …

CRITICAL ⚕ LIFE CRITICAL NVD CVSS 10.0

CVE-2015-3459 — Infusion Pump Vulnerability

infusion pump

The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.

HIGH ⚕ LIFE CRITICAL NVD CVSS 8.8

CVE-2022-1049 — Pacemaker Vulnerability

pacemaker

A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired accounts, and accounts with expired passwords, to log in when using PAM authentication. Therefore, unprivileged expired accounts that have been denied access could still log in.

HIGH ⚕ LIFE CRITICAL NVD CVSS 7.3

CVE-2020-10627 — Insulin Pump Vulnerability

insulin pump

Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or au…

HIGH ⚕ LIFE CRITICAL NVD CVSS 8.8

CVE-2020-27264 — Insulin Pump Vulnerability

insulin pump

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys vi…

HIGH ⚕ LIFE CRITICAL NVD CVSS 7.2

CVE-2020-25654 — Pacemaker Vulnerability

pacemaker

An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the confi…

HIGH ⚕ LIFE CRITICAL NVD CVSS 7.1

CVE-2019-10964 — Insulin Pump Vulnerability

insulin pump

Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authori…

HIGH ⚕ LIFE CRITICAL NVD CVSS 7.8

CVE-2018-16877 — Pacemaker Vulnerability

pacemaker

A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.

HIGH ⚕ LIFE CRITICAL NVD CVSS 8.8

CVE-2016-7035 — Pacemaker Vulnerability

pacemaker

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and…

HIGH ⚕ LIFE CRITICAL NVD CVSS 8.8

CVE-2017-12712 — Pacemaker Vulnerability

pacemaker

The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communi…

HIGH ⚕ LIFE CRITICAL NVD CVSS 8.1

CVE-2017-12718 — Medical Device Vulnerability

medical device

A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote co…

HIGH ⚕ LIFE CRITICAL NVD CVSS 8.1

CVE-2017-12718 — Infusion Pump Vulnerability

infusion pump

A Classic Buffer Overflow issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. A third-party component used in the pump does not verify input buffer size prior to copying, leading to a buffer overflow, allowing remote co…

HIGH ⚕ LIFE CRITICAL NVD CVSS 8.1

CVE-2017-12720 — Infusion Pump Vulnerability

infusion pump

An Improper Access Control issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump does not require authentication if the pump is configured to allow FTP connections.

HIGH ⚕ LIFE CRITICAL NVD CVSS 8.1

CVE-2017-12724 — Infusion Pump Vulnerability

infusion pump

A Use of Hard-coded Credentials issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. The FTP server on the pump contains hardcoded credentials, which are not fully initialized. The FTP server is only accessible if the pu…

HIGH ⚕ LIFE CRITICAL NVD CVSS 7.3

CVE-2017-12726 — Infusion Pump Vulnerability

infusion pump

A Use of Hard-coded Password issue was discovered in Smiths Medical Medfusion 4000 Wireless Syringe Infusion Pump, Version 1.1, 1.5, and 1.6. Telnet on the pump uses hardcoded credentials, which can be used if the pump is configured to allow external communications. Smiths Medica…

HIGH ⚕ LIFE CRITICAL NVD CVSS 7.5

CVE-2016-7797 — Pacemaker Vulnerability

pacemaker

Pacemaker before 1.1.15, when using pacemaker remote, might allow remote attackers to cause a denial of service (node disconnection) via an unauthenticated connection.

HIGH ⚕ LIFE CRITICAL NVD CVSS 7.5

CVE-2015-1867 — Pacemaker Vulnerability

pacemaker

Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command.

CRITICAL CISA-KEV

Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability

Ivanti Endpoint Manager Mobile (EPMM)

Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution.

CRITICAL CISA-KEV

Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

Ivanti Endpoint Manager Mobile (EPMM)

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.

CRITICAL CISA-KEV

Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability

Ivanti Endpoint Manager (EPM)

Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data.

CRITICAL CISA-KEV

Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

Ivanti Endpoint Manager Mobile (EPMM)

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.

CRITICAL CISA-KEV

Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability

Ivanti Endpoint Manager Mobile (EPMM)

Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Valida…

CRITICAL CISA-KEV

Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile (EPMM)

Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the …

CRITICAL CISA-KEV

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Ivanti Connect Secure, Policy Secure, and ZTA Gateways

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution.

CRITICAL CISA-KEV

Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

Ivanti Endpoint Manager (EPM)

Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

CRITICAL CISA-KEV

Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

Ivanti Endpoint Manager (EPM)

Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

CRITICAL CISA-KEV

Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

Ivanti Endpoint Manager (EPM)

Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.

CRITICAL CISA-KEV

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability

Ivanti Connect Secure, Policy Secure, and ZTA Gateways

Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.

CRITICAL CISA-KEV

Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability

Ivanti Cloud Services Appliance (CSA)

Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.

CRITICAL CISA-KEV

Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability

Ivanti Cloud Services Appliance (CSA)

Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements.

CRITICAL CISA-KEV

Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability

Ivanti Endpoint Manager (EPM)

Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code.

CRITICAL CISA-KEV

Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability

Ivanti Virtual Traffic Manager

Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.

CRITICAL CISA-KEV

Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability

Ivanti Cloud Services Appliance (CSA)

Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and exec…

CRITICAL CISA-KEV

Ivanti Cloud Services Appliance OS Command Injection Vulnerability

Ivanti Cloud Services Appliance

Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.

CRITICAL CISA-KEV

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA)

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).

CRITICAL CISA-KEV

Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability

Ivanti Connect Secure, Policy Secure, and Neurons

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication.

CRITICAL CISA-KEV

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core

Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.

CRITICAL CISA-KEV

Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability

Ivanti Connect Secure and Policy Secure

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be …

CRITICAL CISA-KEV

Ivanti Connect Secure and Policy Secure Command Injection Vulnerability

Ivanti Connect Secure and Policy Secure

Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appl…

CRITICAL CISA-KEV

Ivanti Sentry Authentication Bypass Vulnerability

Ivanti Sentry

Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.

CRITICAL CISA-KEV

Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability

Ivanti Endpoint Manager Mobile (EPMM)

Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restr…

CRITICAL CISA-KEV

Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability

Ivanti Endpoint Manager Mobile (EPMM)

Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such…

CRITICAL CISA-KEV

Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability

Siemens SIMATIC CP

An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service.

CRITICAL CISA-KEV

Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability

Ivanti MobileIron Multiple Products

Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.

CRITICAL CISA-KEV

Ivanti Pulse Connect Secure Use-After-Free Vulnerability

Ivanti Pulse Connect Secure

Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allows a remote, unauthenticated attacker to execute code via license services.

CRITICAL CISA-KEV

Ivanti Pulse Connect Secure Code Execution Vulnerability

Ivanti Pulse Connect Secure

Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution.

CRITICAL CISA-KEV

Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability

Ivanti Pulse Connect Secure

Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.

CRITICAL CISA-KEV

Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability

Ivanti Pulse Connect Secure

Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerability that allows remote authenticated users to execute code as the root user via a maliciously crafted meeting room.

CRITICAL CISA-KEV

Ivanti Pulse Connect Secure Code Execution Vulnerability

Ivanti Pulse Connect Secure

Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.

CRITICAL CISA-KEV

Ivanti Pulse Connect Secure Command Injection Vulnerability

Ivanti Pulse Connect Secure

Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.

CRITICAL CISA-KEV

Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability

Ivanti Pulse Connect Secure

Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.

CRITICAL CISA-KEV

Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability

Ivanti Pulse Connect Secure and Pulse Policy Secure

Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands.

CRITICAL NVD CVSS 9.8

CVE-2021-27410 — Medical Device Vulnerability

medical device

The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Conn…

CRITICAL NVD CVSS 9.8

CVE-2017-14002 — Medical Device Vulnerability

medical device

GE Infinia/Infinia with Hawkeye 4 medical imaging systems, all current versions, are affected; these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devi…

CRITICAL NVD CVSS 9.8

CVE-2017-14006 — Medical Device Vulnerability

medical device

GE Xeleris versions 1.0, 1.1, 2.1, 3.0, 3.1 medical imaging systems, all current versions, are affected; these devices use default or hard-coded credentials. Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affe…

HIGH NVD CVSS 7.5

CVE-2021-27408 — Medical Device Vulnerability

medical device

The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to…

HIGH NVD CVSS 7.5

CVE-2020-12036 — Medical Device Vulnerability

medical device

Baxter PrismaFlex, all versions, and PrisMax, all versions prior to 3.x: the affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An a…

HIGH NVD CVSS 7.5

CVE-2020-12037 — Medical Device Vulnerability

medical device

Baxter PrismaFlex, all versions, and PrisMax, all versions prior to 3.x: the affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An a…

HIGH NVD CVSS 8.8

CVE-2017-10723 — Medical Device Vulnerability

medical device

During research on IoT devices it was discovered that, in the most recent firmware for the Shekar Endoscope, an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope c…

HIGH NVD CVSS 8.8

CVE-2017-10724 — Medical Device Vulnerability

medical device

During research on IoT devices it was discovered that, in the most recent firmware for the Shekar Endoscope, an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope c…

HIGH NVD CVSS 7.8

CVE-2019-11687 — Medical Device Vulnerability

medical device

An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies with this specification can contain arbitrary executable headers for multiple oper…

HIGH NVD CVSS 7.6

CVE-2019-5024 — Medical Device Vulnerability

medical device

A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulti…
