CVE-2017-5149

Опубликовано: 13 фев. 2017

Источник: nvd

CVSS3: 8.9

CVSS2: 6.8

EPSS Низкий

Описание

An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints.

Ссылки

http://www.securityfocus.com/bid/95331
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-17-009-01A
Mitigation
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/95331
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-17-009-01A
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:abbott:merlin\@home_firmware:*:*:*:*:*:*:*:*

Версия до 8.0 (включая)

Одно из

cpe:2.3:h:abbott:merlin\@home_ex1100:-:*:*:*:*:*:*:*

cpe:2.3:h:abbott:merlin\@home_ex1150:-:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.00318

Низкий

8.9 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

GHSA-64pp-r5x2-fgff