Vulnerability Description
Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Abbott | Accent Firmware | < f0b.0e.7e |
| Abbott | Accent | - |
| Abbott | Anthem Firmware | < f0b.0e.7e |
| Abbott | Anthem | - |
| Abbott | Accent Mri Firmware | < f10.08.6c |
| Abbott | Accent Mri | - |
| Abbott | Accent St Firmware | < f10.08.6c |
| Abbott | Accent St | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/100523Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/100523Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-12716?
CVE-2017-12716 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionall...
How severe is CVE-2017-12716?
CVE-2017-12716 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-12716?
Check the references section above for vendor advisories and patch information. Affected products include: Abbott Accent Firmware, Abbott Accent, Abbott Anthem Firmware, Abbott Anthem, Abbott Accent Mri Firmware.