Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Accent and Anthem by Abbott Laboratories

    CVE-2017-12716 (GCVE-0-2017-12716)

    Vulnerability from nvd – Published: 2018-04-25 13:00 – Updated: 2024-09-17 01:55
    VLAI
    Summary
    Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.
    Severity
    No CVSS data available.
    CWE
    • CWE-311 - Missing encryption of sensitive data CWE-311
    Assigner
    References
    Impacted products
    Vendor Product Version
    Abbott Laboratories Accent and Anthem Affected: All versions of pacemakers manufactured prior to August 28, 2017
    Create a notification for this product.
    Date Public
    2017-08-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:43:56.589Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
              },
              {
                "name": "100523",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100523"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Accent and Anthem",
              "vendor": "Abbott Laboratories",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions of pacemakers manufactured prior to August 28, 2017"
                }
              ]
            }
          ],
          "datePublic": "2017-08-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "Missing encryption of sensitive data CWE-311",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-26T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
            },
            {
              "name": "100523",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100523"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2017-08-29T00:00:00",
              "ID": "CVE-2017-12716",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Accent and Anthem",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions of pacemakers manufactured prior to August 28, 2017"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Abbott Laboratories"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing encryption of sensitive data CWE-311"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
                },
                {
                  "name": "100523",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100523"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2017-12716",
        "datePublished": "2018-04-25T13:00:00.000Z",
        "dateReserved": "2017-08-09T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:55:36.387Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12716 (GCVE-0-2017-12716)

    Vulnerability from cvelistv5 – Published: 2018-04-25 13:00 – Updated: 2024-09-17 01:55
    VLAI
    Summary
    Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.
    Severity
    No CVSS data available.
    CWE
    • CWE-311 - Missing encryption of sensitive data CWE-311
    Assigner
    References
    Impacted products
    Vendor Product Version
    Abbott Laboratories Accent and Anthem Affected: All versions of pacemakers manufactured prior to August 28, 2017
    Create a notification for this product.
    Date Public
    2017-08-29 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:43:56.589Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
              },
              {
                "name": "100523",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/100523"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Accent and Anthem",
              "vendor": "Abbott Laboratories",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions of pacemakers manufactured prior to August 28, 2017"
                }
              ]
            }
          ],
          "datePublic": "2017-08-29T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-311",
                  "description": "Missing encryption of sensitive data CWE-311",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-04-26T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
            },
            {
              "name": "100523",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/100523"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2017-08-29T00:00:00",
              "ID": "CVE-2017-12716",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Accent and Anthem",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions of pacemakers manufactured prior to August 28, 2017"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Abbott Laboratories"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing encryption of sensitive data CWE-311"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
                },
                {
                  "name": "100523",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/100523"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2017-12716",
        "datePublished": "2018-04-25T13:00:00.000Z",
        "dateReserved": "2017-08-09T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:55:36.387Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }