CVE-2017-12712 — HIGH (8.8)

Q: How severe is CVE-2017-12712?

CVE-2017-12712 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-12712?

Check the references section above for vendor advisories and patch information. Affected products include: Abbott Accent Firmware, Abbott Accent, Abbott Anthem Firmware, Abbott Anthem, Abbott Accent Mri Firmware.

Vulnerability Description

The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Abbott	Accent Firmware	< f0b.0e.7e
Abbott	Accent	-
Abbott	Anthem Firmware	< f0b.0e.7e
Abbott	Anthem	-
Abbott	Accent Mri Firmware	< f10.08.6c
Abbott	Accent Mri	-
Abbott	Accent St Firmware	< f10.08.6c
Abbott	Accent St	-
Abbott	Assurity Firmware	< f14.07.80
Abbott	Assurity	-
Abbott	Allure Firmware	< f14.07.80
Abbott	Allure	-
Abbott	Assurity Mri Firmware	< f17.01.49
Abbott	Assurity Mri	-

Related Weaknesses (CWE)

CWE-287

References

http://www.securityfocus.com/bid/100523Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/100523Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2017-12712?

CVE-2017-12712 is a vulnerability with a CVSS score of 8.8 (HIGH). The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow ...

How severe is CVE-2017-12712?

CVE-2017-12712 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-12712?

Check the references section above for vendor advisories and patch information. Affected products include: Abbott Accent Firmware, Abbott Accent, Abbott Anthem Firmware, Abbott Anthem, Abbott Accent Mri Firmware.