CVE-2024-48967 — CRITICAL (10.0)

Vulnerability Description

The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Related Weaknesses (CWE)

CWE-778

References

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01

FAQ

What is CVE-2024-48967?

CVE-2024-48967 is a vulnerability with a CVSS score of 10.0 (CRITICAL). The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator...

How severe is CVE-2024-48967?

CVE-2024-48967 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-48967?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.