CVE-2017-12714 — MEDIUM (6.5)

Q: How severe is CVE-2017-12714?

CVE-2017-12714 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-12714?

Check the references section above for vendor advisories and patch information. Affected products include: Abbott Accent Firmware, Abbott Accent, Abbott Anthem Firmware, Abbott Anthem, Abbott Accent Mri Firmware.

Vulnerability Description

Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Abbott	Accent Firmware	< f0b.0e.7e
Abbott	Accent	-
Abbott	Anthem Firmware	< f0b.0e.7e
Abbott	Anthem	-
Abbott	Accent Mri Firmware	< f10.08.6c
Abbott	Accent Mri	-
Abbott	Accent St Firmware	< f10.08.6c
Abbott	Accent St	-
Abbott	Assurity Firmware	< f14.07.80
Abbott	Assurity	-
Abbott	Allure Firmware	< f14.07.80
Abbott	Allure	-
Abbott	Assurity Mri Firmware	< f17.01.49
Abbott	Assurity Mri	-

Related Weaknesses (CWE)

CWE-920

References

http://www.securityfocus.com/bid/100523Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/100523Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2017-12714?

CVE-2017-12714 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attack...

How severe is CVE-2017-12714?

CVE-2017-12714 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-12714?

Check the references section above for vendor advisories and patch information. Affected products include: Abbott Accent Firmware, Abbott Accent, Abbott Anthem Firmware, Abbott Anthem, Abbott Accent Mri Firmware.