Vulnerability Description
An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Abbott | Merlin\@Home Firmware | <= 8.0 |
| Abbott | Merlin\@Home Ex1100 | - |
| Abbott | Merlin\@Home Ex1150 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/95331Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-17-009-01AMitigationThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/95331Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-17-009-01AMitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2017-5149?
CVE-2017-5149 is a vulnerability with a CVSS score of 8.9 (HIGH). An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The...
How severe is CVE-2017-5149?
CVE-2017-5149 has been rated HIGH with a CVSS base score of 8.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5149?
Check the references section above for vendor advisories and patch information. Affected products include: Abbott Merlin\@Home Firmware, Abbott Merlin\@Home Ex1100, Abbott Merlin\@Home Ex1150.