Search criteria
7 vulnerabilities found for Infinity Delta XL by Dräger
CVE-2019-25717 (GCVE-0-2019-25717)
Vulnerability from nvd – Published: 2026-06-02 13:42 – Updated: 2026-06-03 13:46
VLAI
Title
Dräger Infinity Delta/Kappa Patient Monitors Unauthenticated Log File Disclosure
Summary
Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://static.draeger.com/security | vendor-advisory |
| https://www.vulncheck.com/advisories/dr-ger-infin… | third-party-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dräger | Infinity Delta |
Affected:
all software versions
(custom)
|
|
| Dräger | Infinity Delta XL |
Affected:
all software versions
(custom)
|
|
| Dräger | Infinity Kappa |
Affected:
all software versions
(custom)
|
Date Public
2019-01-22 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25717",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-03T13:45:52.446853Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T13:46:03.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Infinity Delta",
"vendor": "Dr\u00e4ger",
"versions": [
{
"status": "affected",
"version": "all software versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infinity Delta XL",
"vendor": "Dr\u00e4ger",
"versions": [
{
"status": "affected",
"version": "all software versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infinity Kappa",
"vendor": "Dr\u00e4ger",
"versions": [
{
"status": "affected",
"version": "all software versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marc Ruef and Rocco Gagliardi, scip AG"
}
],
"datePublic": "2019-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDr\u00e4ger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files.\u003c/p\u003e"
}
],
"value": "Dr\u00e4ger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T13:42:35.033Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://static.draeger.com/security"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dr-ger-infinity-delta-kappa-patient-monitors-unauthenticated-log-file-disclosure"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Dr\u00e4ger Infinity Delta/Kappa Patient Monitors Unauthenticated Log File Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25717",
"datePublished": "2026-06-02T13:42:35.033Z",
"dateReserved": "2026-06-01T21:15:41.689Z",
"dateUpdated": "2026-06-03T13:46:03.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25716 (GCVE-0-2019-25716)
Vulnerability from nvd – Published: 2026-06-01 21:15 – Updated: 2026-06-03 20:06
VLAI
Title
Dräger Infinity Delta/Kappa Patient Monitor DoS via Malformed Network Packet
Summary
Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-15 - External Control of System or Configuration Setting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://static.draeger.com/security/download/2019… | vendor-advisory |
| https://www.vulncheck.com/advisories/dr-ger-infin… | third-party-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dräger | Infinity Delta |
Affected:
Infinity Delta
(custom)
|
|
| Dräger | Infinity Delta XL |
Affected:
Infinity Delta XL
(custom)
|
|
| Dräger | Infinity Kappa |
Affected:
Infinity Kappa
(custom)
|
Date Public
2019-01-22 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T15:09:36.384627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T15:45:56.330Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Infinity Delta",
"vendor": "Dr\u00e4ger",
"versions": [
{
"status": "affected",
"version": "Infinity Delta",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infinity Delta XL",
"vendor": "Dr\u00e4ger",
"versions": [
{
"status": "affected",
"version": "Infinity Delta XL",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infinity Kappa",
"vendor": "Dr\u00e4ger",
"versions": [
{
"status": "affected",
"version": "Infinity Kappa",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marc Ruef and Rocco Gagliardi, scip AG"
}
],
"datePublic": "2019-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDr\u00e4ger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.\u003c/p\u003e"
}
],
"value": "Dr\u00e4ger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-15",
"description": "CWE-15 External Control of System or Configuration Setting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T20:06:47.074Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://static.draeger.com/security/download/2019-01-22-draeger-infinity-delta-vf10-1-security-advisory.pdf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dr-ger-infinity-delta-kappa-patient-monitor-dos-via-malformed-network-packet"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Dr\u00e4ger Infinity Delta/Kappa Patient Monitor DoS via Malformed Network Packet",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25716",
"datePublished": "2026-06-01T21:15:07.156Z",
"dateReserved": "2026-06-01T20:44:47.913Z",
"dateUpdated": "2026-06-03T20:06:47.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25717 (GCVE-0-2019-25717)
Vulnerability from cvelistv5 – Published: 2026-06-02 13:42 – Updated: 2026-06-03 13:46
VLAI
Title
Dräger Infinity Delta/Kappa Patient Monitors Unauthenticated Log File Disclosure
Summary
Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files.
Severity
4.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://static.draeger.com/security | vendor-advisory |
| https://www.vulncheck.com/advisories/dr-ger-infin… | third-party-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dräger | Infinity Delta |
Affected:
all software versions
(custom)
|
|
| Dräger | Infinity Delta XL |
Affected:
all software versions
(custom)
|
|
| Dräger | Infinity Kappa |
Affected:
all software versions
(custom)
|
Date Public
2019-01-22 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25717",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-03T13:45:52.446853Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T13:46:03.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Infinity Delta",
"vendor": "Dr\u00e4ger",
"versions": [
{
"status": "affected",
"version": "all software versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infinity Delta XL",
"vendor": "Dr\u00e4ger",
"versions": [
{
"status": "affected",
"version": "all software versions",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infinity Kappa",
"vendor": "Dr\u00e4ger",
"versions": [
{
"status": "affected",
"version": "all software versions",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marc Ruef and Rocco Gagliardi, scip AG"
}
],
"datePublic": "2019-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDr\u00e4ger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files.\u003c/p\u003e"
}
],
"value": "Dr\u00e4ger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T13:42:35.033Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://static.draeger.com/security"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dr-ger-infinity-delta-kappa-patient-monitors-unauthenticated-log-file-disclosure"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Dr\u00e4ger Infinity Delta/Kappa Patient Monitors Unauthenticated Log File Disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25717",
"datePublished": "2026-06-02T13:42:35.033Z",
"dateReserved": "2026-06-01T21:15:41.689Z",
"dateUpdated": "2026-06-03T13:46:03.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-25716 (GCVE-0-2019-25716)
Vulnerability from cvelistv5 – Published: 2026-06-01 21:15 – Updated: 2026-06-03 20:06
VLAI
Title
Dräger Infinity Delta/Kappa Patient Monitor DoS via Malformed Network Packet
Summary
Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-15 - External Control of System or Configuration Setting
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://static.draeger.com/security/download/2019… | vendor-advisory |
| https://www.vulncheck.com/advisories/dr-ger-infin… | third-party-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dräger | Infinity Delta |
Affected:
Infinity Delta
(custom)
|
|
| Dräger | Infinity Delta XL |
Affected:
Infinity Delta XL
(custom)
|
|
| Dräger | Infinity Kappa |
Affected:
Infinity Kappa
(custom)
|
Date Public
2019-01-22 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25716",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T15:09:36.384627Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T15:45:56.330Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Infinity Delta",
"vendor": "Dr\u00e4ger",
"versions": [
{
"status": "affected",
"version": "Infinity Delta",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infinity Delta XL",
"vendor": "Dr\u00e4ger",
"versions": [
{
"status": "affected",
"version": "Infinity Delta XL",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Infinity Kappa",
"vendor": "Dr\u00e4ger",
"versions": [
{
"status": "affected",
"version": "Infinity Kappa",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marc Ruef and Rocco Gagliardi, scip AG"
}
],
"datePublic": "2019-01-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eDr\u00e4ger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.\u003c/p\u003e"
}
],
"value": "Dr\u00e4ger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-15",
"description": "CWE-15 External Control of System or Configuration Setting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-03T20:06:47.074Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://static.draeger.com/security/download/2019-01-22-draeger-infinity-delta-vf10-1-security-advisory.pdf"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/dr-ger-infinity-delta-kappa-patient-monitor-dos-via-malformed-network-packet"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Dr\u00e4ger Infinity Delta/Kappa Patient Monitor DoS via Malformed Network Packet",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2019-25716",
"datePublished": "2026-06-01T21:15:07.156Z",
"dateReserved": "2026-06-01T20:44:47.913Z",
"dateUpdated": "2026-06-03T20:06:47.074Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-201901-0850
Vulnerability from variot - Updated: 2024-11-23 22:00Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system. plural Drager The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dräger Infinity is prone to multiple security vulnerabilities: 1. A denial-of-service vulnerability. 2. An information disclosure vulnerability. 3. A privilege-escalation vulnerability. An attacker can leverage these issues to cause an affected device to reboot; resulting in a denial-of-service condition, gain access to sensitive information or gain elevated privileges to perform unauthorized actions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0850",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kappa",
"scope": "eq",
"trust": 1.0,
"vendor": "draeger",
"version": "*"
},
{
"model": "infinity explorer c700",
"scope": "eq",
"trust": 1.0,
"vendor": "draeger",
"version": "*"
},
{
"model": "infinity delta",
"scope": "eq",
"trust": 1.0,
"vendor": "draeger",
"version": "*"
},
{
"model": "delta xl",
"scope": "eq",
"trust": 1.0,
"vendor": "draeger",
"version": "*"
},
{
"model": "infinity delta xl",
"scope": null,
"trust": 0.8,
"vendor": "drager",
"version": null
},
{
"model": "infinity delta",
"scope": null,
"trust": 0.8,
"vendor": "drager",
"version": null
},
{
"model": "infinity explorer c700",
"scope": null,
"trust": 0.8,
"vendor": "drager",
"version": null
},
{
"model": "infinity kappa",
"scope": null,
"trust": 0.8,
"vendor": "drager",
"version": null
},
{
"model": "infinity kappa",
"scope": "eq",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": "0"
},
{
"model": "infinity explorer c700",
"scope": "eq",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": "0"
},
{
"model": "infinity delta xl",
"scope": "eq",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": "0"
},
{
"model": "infinity delta",
"scope": "eq",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": "0"
},
{
"model": "infinity explorer c700 vf10.1",
"scope": "ne",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "106683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014560"
},
{
"db": "NVD",
"id": "CVE-2018-19012"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:draeger:delta_xl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:draeger:infinity_delta_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:draeger:infinity_explorer_c700_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:draeger:kappa_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014560"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marc Ruef and Rocco Gagliardi from scip AG.",
"sources": [
{
"db": "BID",
"id": "106683"
}
],
"trust": 0.3
},
"cve": "CVE-2018-19012",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-19012",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-129629",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2018-19012",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-19012",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-19012",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-791",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-129629",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129629"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014560"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-791"
},
{
"db": "NVD",
"id": "CVE-2018-19012"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system. plural Drager The product contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dr\u00c3\u00a4ger Infinity is prone to multiple security vulnerabilities:\n1. A denial-of-service vulnerability. \n2. An information disclosure vulnerability. \n3. A privilege-escalation vulnerability. \nAn attacker can leverage these issues to cause an affected device to reboot; resulting in a denial-of-service condition, gain access to sensitive information or gain elevated privileges to perform unauthorized actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19012"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014560"
},
{
"db": "BID",
"id": "106683"
},
{
"db": "VULHUB",
"id": "VHN-129629"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSMA-19-022-01",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2018-19012",
"trust": 2.8
},
{
"db": "BID",
"id": "106683",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014560",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-791",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-129629",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129629"
},
{
"db": "BID",
"id": "106683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014560"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-791"
},
{
"db": "NVD",
"id": "CVE-2018-19012"
}
]
},
"id": "VAR-201901-0850",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-129629"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:00:08.927000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.draeger.com/en_corp/Home"
},
{
"title": "Multiple Drager Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88915"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014560"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-791"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-269",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129629"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014560"
},
{
"db": "NVD",
"id": "CVE-2018-19012"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-19-022-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/106683"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19012"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19012"
},
{
"trust": 0.3,
"url": "https://www.draeger.com/en_in/home"
},
{
"trust": 0.3,
"url": "https://static.draeger.com/security/download/2019-01-22-draeger-infinity-delta-vf10-1-security-advisory.pdf"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129629"
},
{
"db": "BID",
"id": "106683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014560"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-791"
},
{
"db": "NVD",
"id": "CVE-2018-19012"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-129629"
},
{
"db": "BID",
"id": "106683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014560"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-791"
},
{
"db": "NVD",
"id": "CVE-2018-19012"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-129629"
},
{
"date": "2019-01-22T00:00:00",
"db": "BID",
"id": "106683"
},
{
"date": "2019-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014560"
},
{
"date": "2019-01-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-791"
},
{
"date": "2019-01-28T21:29:00.253000",
"db": "NVD",
"id": "CVE-2018-19012"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-129629"
},
{
"date": "2019-01-22T00:00:00",
"db": "BID",
"id": "106683"
},
{
"date": "2019-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014560"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-791"
},
{
"date": "2024-11-21T03:57:09.830000",
"db": "NVD",
"id": "CVE-2018-19012"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-791"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Drager Vulnerabilities related to authorization, authority, and access control in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014560"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-791"
}
],
"trust": 0.6
}
}
VAR-201901-0848
Vulnerability from variot - Updated: 2024-11-23 22:00Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity. plural Drager The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Dräger Infinity is prone to multiple security vulnerabilities: 1. A denial-of-service vulnerability. 2. An information disclosure vulnerability. 3. A privilege-escalation vulnerability. An attacker can leverage these issues to cause an affected device to reboot; resulting in a denial-of-service condition, gain access to sensitive information or gain elevated privileges to perform unauthorized actions. are all medical monitor equipment of German Drager company. Input validation vulnerabilities exist in several Drger products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0848",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kappa",
"scope": "eq",
"trust": 1.0,
"vendor": "draeger",
"version": "*"
},
{
"model": "infinity explorer c700",
"scope": "eq",
"trust": 1.0,
"vendor": "draeger",
"version": "*"
},
{
"model": "infinity delta",
"scope": "eq",
"trust": 1.0,
"vendor": "draeger",
"version": "*"
},
{
"model": "delta xl",
"scope": "eq",
"trust": 1.0,
"vendor": "draeger",
"version": "*"
},
{
"model": "infinity delta xl",
"scope": null,
"trust": 0.8,
"vendor": "drager",
"version": null
},
{
"model": "infinity delta",
"scope": null,
"trust": 0.8,
"vendor": "drager",
"version": null
},
{
"model": "infinity explorer c700",
"scope": null,
"trust": 0.8,
"vendor": "drager",
"version": null
},
{
"model": "infinity kappa",
"scope": null,
"trust": 0.8,
"vendor": "drager",
"version": null
},
{
"model": "infinity kappa",
"scope": "eq",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": "0"
},
{
"model": "infinity explorer c700",
"scope": "eq",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": "0"
},
{
"model": "infinity delta xl",
"scope": "eq",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": "0"
},
{
"model": "infinity delta",
"scope": "eq",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": "0"
},
{
"model": "infinity explorer c700 vf10.1",
"scope": "ne",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "106683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"db": "NVD",
"id": "CVE-2018-19010"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:draeger:delta_xl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:draeger:infinity_delta_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:draeger:infinity_explorer_c700_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:draeger:kappa_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marc Ruef and Rocco Gagliardi from scip AG.",
"sources": [
{
"db": "BID",
"id": "106683"
}
],
"trust": 0.3
},
"cve": "CVE-2018-19010",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2018-19010",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-129627",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2018-19010",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-19010",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-19010",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-790",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-129627",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129627"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-790"
},
{
"db": "NVD",
"id": "CVE-2018-19010"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity. plural Drager The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Dr\u00c3\u00a4ger Infinity is prone to multiple security vulnerabilities:\n1. A denial-of-service vulnerability. \n2. An information disclosure vulnerability. \n3. A privilege-escalation vulnerability. \nAn attacker can leverage these issues to cause an affected device to reboot; resulting in a denial-of-service condition, gain access to sensitive information or gain elevated privileges to perform unauthorized actions. are all medical monitor equipment of German Drager company. Input validation vulnerabilities exist in several Drger products",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19010"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"db": "BID",
"id": "106683"
},
{
"db": "VULHUB",
"id": "VHN-129627"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-19010",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSMA-19-022-01",
"trust": 2.8
},
{
"db": "BID",
"id": "106683",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014559",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-790",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-129627",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129627"
},
{
"db": "BID",
"id": "106683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-790"
},
{
"db": "NVD",
"id": "CVE-2018-19010"
}
]
},
"id": "VAR-201901-0848",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-129627"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:00:08.897000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.draeger.com/en_corp/Home"
},
{
"title": "Multiple Drager Fixes for product input validation vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88921"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-790"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129627"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"db": "NVD",
"id": "CVE-2018-19010"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-19-022-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/106683"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19010"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19010"
},
{
"trust": 0.3,
"url": "https://www.draeger.com/en_in/home"
},
{
"trust": 0.3,
"url": "https://static.draeger.com/security/download/2019-01-22-draeger-infinity-delta-vf10-1-security-advisory.pdf"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129627"
},
{
"db": "BID",
"id": "106683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-790"
},
{
"db": "NVD",
"id": "CVE-2018-19010"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-129627"
},
{
"db": "BID",
"id": "106683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-790"
},
{
"db": "NVD",
"id": "CVE-2018-19010"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-129627"
},
{
"date": "2019-01-22T00:00:00",
"db": "BID",
"id": "106683"
},
{
"date": "2019-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"date": "2019-01-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-790"
},
{
"date": "2019-01-28T22:29:00.350000",
"db": "NVD",
"id": "CVE-2018-19010"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-129627"
},
{
"date": "2019-01-22T00:00:00",
"db": "BID",
"id": "106683"
},
{
"date": "2019-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-790"
},
{
"date": "2024-11-21T03:57:09.583000",
"db": "NVD",
"id": "CVE-2018-19010"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-790"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Drager Vulnerability related to input validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-790"
}
],
"trust": 0.6
}
}
VAR-201901-0852
Vulnerability from variot - Updated: 2024-11-23 22:00Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration. plural Drager The product contains a vulnerability related to information disclosure from log files.Information may be obtained. Dräger Infinity is prone to multiple security vulnerabilities: 1. A denial-of-service vulnerability. 2. 3. A privilege-escalation vulnerability. An attacker can leverage these issues to cause an affected device to reboot; resulting in a denial-of-service condition, gain access to sensitive information or gain elevated privileges to perform unauthorized actions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0852",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kappa",
"scope": "eq",
"trust": 1.0,
"vendor": "draeger",
"version": "*"
},
{
"model": "infinity explorer c700",
"scope": "eq",
"trust": 1.0,
"vendor": "draeger",
"version": "*"
},
{
"model": "infinity delta",
"scope": "eq",
"trust": 1.0,
"vendor": "draeger",
"version": "*"
},
{
"model": "delta xl",
"scope": "eq",
"trust": 1.0,
"vendor": "draeger",
"version": "*"
},
{
"model": "infinity delta xl",
"scope": null,
"trust": 0.8,
"vendor": "drager",
"version": null
},
{
"model": "infinity delta",
"scope": null,
"trust": 0.8,
"vendor": "drager",
"version": null
},
{
"model": "infinity explorer c700",
"scope": null,
"trust": 0.8,
"vendor": "drager",
"version": null
},
{
"model": "infinity kappa",
"scope": null,
"trust": 0.8,
"vendor": "drager",
"version": null
},
{
"model": "infinity kappa",
"scope": "eq",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": "0"
},
{
"model": "infinity explorer c700",
"scope": "eq",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": "0"
},
{
"model": "infinity delta xl",
"scope": "eq",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": "0"
},
{
"model": "infinity delta",
"scope": "eq",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": "0"
},
{
"model": "infinity explorer c700 vf10.1",
"scope": "ne",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "106683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014558"
},
{
"db": "NVD",
"id": "CVE-2018-19014"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:draeger:delta_xl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:draeger:infinity_delta_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:draeger:infinity_explorer_c700_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:draeger:kappa_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014558"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marc Ruef and Rocco Gagliardi from scip AG.",
"sources": [
{
"db": "BID",
"id": "106683"
}
],
"trust": 0.3
},
"cve": "CVE-2018-19014",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2018-19014",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-129631",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-19014",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-19014",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-19014",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-792",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-129631",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129631"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014558"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-792"
},
{
"db": "NVD",
"id": "CVE-2018-19014"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration. plural Drager The product contains a vulnerability related to information disclosure from log files.Information may be obtained. Dr\u00c3\u00a4ger Infinity is prone to multiple security vulnerabilities:\n1. A denial-of-service vulnerability. \n2. \n3. A privilege-escalation vulnerability. \nAn attacker can leverage these issues to cause an affected device to reboot; resulting in a denial-of-service condition, gain access to sensitive information or gain elevated privileges to perform unauthorized actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19014"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014558"
},
{
"db": "BID",
"id": "106683"
},
{
"db": "VULHUB",
"id": "VHN-129631"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-19014",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSMA-19-022-01",
"trust": 2.8
},
{
"db": "BID",
"id": "106683",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014558",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-792",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-129631",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129631"
},
{
"db": "BID",
"id": "106683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014558"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-792"
},
{
"db": "NVD",
"id": "CVE-2018-19014"
}
]
},
"id": "VAR-201901-0852",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-129631"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:00:08.862000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.draeger.com/en_corp/Home"
},
{
"title": "Multiple Drager Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88916"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014558"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-792"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129631"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014558"
},
{
"db": "NVD",
"id": "CVE-2018-19014"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-19-022-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/106683"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19014"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19014"
},
{
"trust": 0.3,
"url": "https://www.draeger.com/en_in/home"
},
{
"trust": 0.3,
"url": "https://static.draeger.com/security/download/2019-01-22-draeger-infinity-delta-vf10-1-security-advisory.pdf"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129631"
},
{
"db": "BID",
"id": "106683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014558"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-792"
},
{
"db": "NVD",
"id": "CVE-2018-19014"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-129631"
},
{
"db": "BID",
"id": "106683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014558"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-792"
},
{
"db": "NVD",
"id": "CVE-2018-19014"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-129631"
},
{
"date": "2019-01-22T00:00:00",
"db": "BID",
"id": "106683"
},
{
"date": "2019-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014558"
},
{
"date": "2019-01-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-792"
},
{
"date": "2019-01-28T22:29:00.397000",
"db": "NVD",
"id": "CVE-2018-19014"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-129631"
},
{
"date": "2019-01-22T00:00:00",
"db": "BID",
"id": "106683"
},
{
"date": "2019-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014558"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-792"
},
{
"date": "2024-11-21T03:57:10.087000",
"db": "NVD",
"id": "CVE-2018-19014"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-792"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Drager Vulnerability related to information leakage from log files in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014558"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "log information leak",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-792"
}
],
"trust": 0.6
}
}