Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for infinity_delta_firmware by draeger

    CVE-2019-25717 (GCVE-0-2019-25717)

    Vulnerability from nvd – Published: 2026-06-02 13:42 – Updated: 2026-06-03 13:46
    VLAI
    Title
    Dräger Infinity Delta/Kappa Patient Monitors Unauthenticated Log File Disclosure
    Summary
    Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dräger Infinity Delta Affected: all software versions (custom)
    Create a notification for this product.
    Dräger Infinity Delta XL Affected: all software versions (custom)
    Create a notification for this product.
    Dräger Infinity Kappa Affected: all software versions (custom)
    Create a notification for this product.
    Date Public
    2019-01-22 00:00
    Credits
    Marc Ruef and Rocco Gagliardi, scip AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-25717",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T13:45:52.446853Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T13:46:03.638Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Infinity Delta",
              "vendor": "Dr\u00e4ger",
              "versions": [
                {
                  "status": "affected",
                  "version": "all software versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Infinity Delta XL",
              "vendor": "Dr\u00e4ger",
              "versions": [
                {
                  "status": "affected",
                  "version": "all software versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Infinity Kappa",
              "vendor": "Dr\u00e4ger",
              "versions": [
                {
                  "status": "affected",
                  "version": "all software versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marc Ruef and Rocco Gagliardi, scip AG"
            }
          ],
          "datePublic": "2019-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDr\u00e4ger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files.\u003c/p\u003e"
                }
              ],
              "value": "Dr\u00e4ger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-538",
                  "description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T13:42:35.033Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://static.draeger.com/security"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/dr-ger-infinity-delta-kappa-patient-monitors-unauthenticated-log-file-disclosure"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Dr\u00e4ger Infinity Delta/Kappa Patient Monitors Unauthenticated Log File Disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2019-25717",
        "datePublished": "2026-06-02T13:42:35.033Z",
        "dateReserved": "2026-06-01T21:15:41.689Z",
        "dateUpdated": "2026-06-03T13:46:03.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2019-25716 (GCVE-0-2019-25716)

    Vulnerability from nvd – Published: 2026-06-01 21:15 – Updated: 2026-06-03 20:06
    VLAI
    Title
    Dräger Infinity Delta/Kappa Patient Monitor DoS via Malformed Network Packet
    Summary
    Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-15 - External Control of System or Configuration Setting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dräger Infinity Delta Affected: Infinity Delta (custom)
    Create a notification for this product.
    Dräger Infinity Delta XL Affected: Infinity Delta XL (custom)
    Create a notification for this product.
    Dräger Infinity Kappa Affected: Infinity Kappa (custom)
    Create a notification for this product.
    Date Public
    2019-01-22 00:00
    Credits
    Marc Ruef and Rocco Gagliardi, scip AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-25716",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T15:09:36.384627Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T15:45:56.330Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Infinity Delta",
              "vendor": "Dr\u00e4ger",
              "versions": [
                {
                  "status": "affected",
                  "version": "Infinity Delta",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Infinity Delta XL",
              "vendor": "Dr\u00e4ger",
              "versions": [
                {
                  "status": "affected",
                  "version": "Infinity Delta XL",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Infinity Kappa",
              "vendor": "Dr\u00e4ger",
              "versions": [
                {
                  "status": "affected",
                  "version": "Infinity Kappa",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marc Ruef and Rocco Gagliardi, scip AG"
            }
          ],
          "datePublic": "2019-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDr\u00e4ger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.\u003c/p\u003e"
                }
              ],
              "value": "Dr\u00e4ger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-15",
                  "description": "CWE-15 External Control of System or Configuration Setting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T20:06:47.074Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://static.draeger.com/security/download/2019-01-22-draeger-infinity-delta-vf10-1-security-advisory.pdf"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/dr-ger-infinity-delta-kappa-patient-monitor-dos-via-malformed-network-packet"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Dr\u00e4ger Infinity Delta/Kappa Patient Monitor DoS via Malformed Network Packet",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2019-25716",
        "datePublished": "2026-06-01T21:15:07.156Z",
        "dateReserved": "2026-06-01T20:44:47.913Z",
        "dateUpdated": "2026-06-03T20:06:47.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-19014 (GCVE-0-2018-19014)

    Vulnerability from nvd – Published: 2019-01-28 22:00 – Updated: 2024-09-16 20:31
    VLAI
    Summary
    Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration.
    Severity
    No CVSS data available.
    CWE
    • CWE-532 - INFORMATION EXPOSURE THROUGH LOG FILES CWE-532
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT Dräger Infinity Delta Affected: Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions.
    Create a notification for this product.
    Date Public
    2019-01-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.949Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
              },
              {
                "name": "106683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106683"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Dr\u0026#195;\u0026#164;ger Infinity Delta",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."
                }
              ]
            }
          ],
          "datePublic": "2019-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "INFORMATION EXPOSURE THROUGH LOG FILES CWE-532",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-29T10:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
            },
            {
              "name": "106683",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106683"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-22T00:00:00",
              "ID": "CVE-2018-19014",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Dr\u0026#195;\u0026#164;ger Infinity Delta",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INFORMATION EXPOSURE THROUGH LOG FILES CWE-532"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
                },
                {
                  "name": "106683",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106683"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-19014",
        "datePublished": "2019-01-28T22:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:31:32.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-19010 (GCVE-0-2018-19010)

    Vulnerability from nvd – Published: 2019-01-28 22:00 – Updated: 2024-09-16 17:32
    VLAI
    Summary
    Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity.
    Severity
    No CVSS data available.
    CWE
    • CWE-20 - IMPROPER INPUT VALIDATION CWE-20
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT Dräger Infinity Delta Affected: Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions.
    Create a notification for this product.
    Date Public
    2019-01-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:09.031Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
              },
              {
                "name": "106683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106683"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Dr\u0026#195;\u0026#164;ger Infinity Delta",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."
                }
              ]
            }
          ],
          "datePublic": "2019-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "IMPROPER INPUT VALIDATION CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-29T10:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
            },
            {
              "name": "106683",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106683"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-22T00:00:00",
              "ID": "CVE-2018-19010",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Dr\u0026#195;\u0026#164;ger Infinity Delta",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER INPUT VALIDATION CWE-20"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
                },
                {
                  "name": "106683",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106683"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-19010",
        "datePublished": "2019-01-28T22:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:32:40.689Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-19012 (GCVE-0-2018-19012)

    Vulnerability from nvd – Published: 2019-01-28 21:00 – Updated: 2024-09-17 04:08
    VLAI
    Summary
    Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system.
    Severity
    No CVSS data available.
    CWE
    • CWE-269 - IMPROPER PRIVILEGE MANAGEMENT CWE-269
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT Dräger Infinity Delta Affected: Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions.
    Create a notification for this product.
    Date Public
    2018-01-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
              },
              {
                "name": "106683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106683"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Dr\u0026#195;\u0026#164;ger Infinity Delta",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."
                }
              ]
            }
          ],
          "datePublic": "2018-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "IMPROPER PRIVILEGE MANAGEMENT CWE-269",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-29T10:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
            },
            {
              "name": "106683",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106683"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-01-22T00:00:00",
              "ID": "CVE-2018-19012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Dr\u0026#195;\u0026#164;ger Infinity Delta",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
                },
                {
                  "name": "106683",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106683"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-19012",
        "datePublished": "2019-01-28T21:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:08:49.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-25717 (GCVE-0-2019-25717)

    Vulnerability from cvelistv5 – Published: 2026-06-02 13:42 – Updated: 2026-06-03 13:46
    VLAI
    Title
    Dräger Infinity Delta/Kappa Patient Monitors Unauthenticated Log File Disclosure
    Summary
    Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dräger Infinity Delta Affected: all software versions (custom)
    Create a notification for this product.
    Dräger Infinity Delta XL Affected: all software versions (custom)
    Create a notification for this product.
    Dräger Infinity Kappa Affected: all software versions (custom)
    Create a notification for this product.
    Date Public
    2019-01-22 00:00
    Credits
    Marc Ruef and Rocco Gagliardi, scip AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-25717",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-03T13:45:52.446853Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-03T13:46:03.638Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Infinity Delta",
              "vendor": "Dr\u00e4ger",
              "versions": [
                {
                  "status": "affected",
                  "version": "all software versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Infinity Delta XL",
              "vendor": "Dr\u00e4ger",
              "versions": [
                {
                  "status": "affected",
                  "version": "all software versions",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Infinity Kappa",
              "vendor": "Dr\u00e4ger",
              "versions": [
                {
                  "status": "affected",
                  "version": "all software versions",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marc Ruef and Rocco Gagliardi, scip AG"
            }
          ],
          "datePublic": "2019-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDr\u00e4ger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files.\u003c/p\u003e"
                }
              ],
              "value": "Dr\u00e4ger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-538",
                  "description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-02T13:42:35.033Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://static.draeger.com/security"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/dr-ger-infinity-delta-kappa-patient-monitors-unauthenticated-log-file-disclosure"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Dr\u00e4ger Infinity Delta/Kappa Patient Monitors Unauthenticated Log File Disclosure"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2019-25717",
        "datePublished": "2026-06-02T13:42:35.033Z",
        "dateReserved": "2026-06-01T21:15:41.689Z",
        "dateUpdated": "2026-06-03T13:46:03.638Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2019-25716 (GCVE-0-2019-25716)

    Vulnerability from cvelistv5 – Published: 2026-06-01 21:15 – Updated: 2026-06-03 20:06
    VLAI
    Title
    Dräger Infinity Delta/Kappa Patient Monitor DoS via Malformed Network Packet
    Summary
    Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-15 - External Control of System or Configuration Setting
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dräger Infinity Delta Affected: Infinity Delta (custom)
    Create a notification for this product.
    Dräger Infinity Delta XL Affected: Infinity Delta XL (custom)
    Create a notification for this product.
    Dräger Infinity Kappa Affected: Infinity Kappa (custom)
    Create a notification for this product.
    Date Public
    2019-01-22 00:00
    Credits
    Marc Ruef and Rocco Gagliardi, scip AG
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-25716",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-02T15:09:36.384627Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-02T15:45:56.330Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Infinity Delta",
              "vendor": "Dr\u00e4ger",
              "versions": [
                {
                  "status": "affected",
                  "version": "Infinity Delta",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Infinity Delta XL",
              "vendor": "Dr\u00e4ger",
              "versions": [
                {
                  "status": "affected",
                  "version": "Infinity Delta XL",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "Infinity Kappa",
              "vendor": "Dr\u00e4ger",
              "versions": [
                {
                  "status": "affected",
                  "version": "Infinity Kappa",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Marc Ruef and Rocco Gagliardi, scip AG"
            }
          ],
          "datePublic": "2019-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eDr\u00e4ger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.\u003c/p\u003e"
                }
              ],
              "value": "Dr\u00e4ger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "ADJACENT",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-15",
                  "description": "CWE-15 External Control of System or Configuration Setting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-03T20:06:47.074Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://static.draeger.com/security/download/2019-01-22-draeger-infinity-delta-vf10-1-security-advisory.pdf"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/dr-ger-infinity-delta-kappa-patient-monitor-dos-via-malformed-network-packet"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Dr\u00e4ger Infinity Delta/Kappa Patient Monitor DoS via Malformed Network Packet",
          "x_generator": {
            "engine": "Vulnogram 1.0.2"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2019-25716",
        "datePublished": "2026-06-01T21:15:07.156Z",
        "dateReserved": "2026-06-01T20:44:47.913Z",
        "dateUpdated": "2026-06-03T20:06:47.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2018-19014 (GCVE-0-2018-19014)

    Vulnerability from cvelistv5 – Published: 2019-01-28 22:00 – Updated: 2024-09-16 20:31
    VLAI
    Summary
    Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration.
    Severity
    No CVSS data available.
    CWE
    • CWE-532 - INFORMATION EXPOSURE THROUGH LOG FILES CWE-532
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT Dräger Infinity Delta Affected: Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions.
    Create a notification for this product.
    Date Public
    2019-01-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.949Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
              },
              {
                "name": "106683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106683"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Dr\u0026#195;\u0026#164;ger Infinity Delta",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."
                }
              ]
            }
          ],
          "datePublic": "2019-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "INFORMATION EXPOSURE THROUGH LOG FILES CWE-532",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-29T10:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
            },
            {
              "name": "106683",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106683"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-22T00:00:00",
              "ID": "CVE-2018-19014",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Dr\u0026#195;\u0026#164;ger Infinity Delta",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "INFORMATION EXPOSURE THROUGH LOG FILES CWE-532"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
                },
                {
                  "name": "106683",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106683"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-19014",
        "datePublished": "2019-01-28T22:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:31:32.329Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-19010 (GCVE-0-2018-19010)

    Vulnerability from cvelistv5 – Published: 2019-01-28 22:00 – Updated: 2024-09-16 17:32
    VLAI
    Summary
    Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity.
    Severity
    No CVSS data available.
    CWE
    • CWE-20 - IMPROPER INPUT VALIDATION CWE-20
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT Dräger Infinity Delta Affected: Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions.
    Create a notification for this product.
    Date Public
    2019-01-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:09.031Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
              },
              {
                "name": "106683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106683"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Dr\u0026#195;\u0026#164;ger Infinity Delta",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."
                }
              ]
            }
          ],
          "datePublic": "2019-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "IMPROPER INPUT VALIDATION CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-29T10:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
            },
            {
              "name": "106683",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106683"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2019-01-22T00:00:00",
              "ID": "CVE-2018-19010",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Dr\u0026#195;\u0026#164;ger Infinity Delta",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER INPUT VALIDATION CWE-20"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
                },
                {
                  "name": "106683",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106683"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-19010",
        "datePublished": "2019-01-28T22:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:32:40.689Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-19012 (GCVE-0-2018-19012)

    Vulnerability from cvelistv5 – Published: 2019-01-28 21:00 – Updated: 2024-09-17 04:08
    VLAI
    Summary
    Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system.
    Severity
    No CVSS data available.
    CWE
    • CWE-269 - IMPROPER PRIVILEGE MANAGEMENT CWE-269
    Assigner
    References
    Impacted products
    Vendor Product Version
    ICS-CERT Dräger Infinity Delta Affected: Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions.
    Create a notification for this product.
    Date Public
    2018-01-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:23:08.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
              },
              {
                "name": "106683",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106683"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Dr\u0026#195;\u0026#164;ger Infinity Delta",
              "vendor": "ICS-CERT",
              "versions": [
                {
                  "status": "affected",
                  "version": "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."
                }
              ]
            }
          ],
          "datePublic": "2018-01-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-269",
                  "description": "IMPROPER PRIVILEGE MANAGEMENT CWE-269",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-29T10:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
            },
            {
              "name": "106683",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106683"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-01-22T00:00:00",
              "ID": "CVE-2018-19012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Dr\u0026#195;\u0026#164;ger Infinity Delta",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "ICS-CERT"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"
                },
                {
                  "name": "106683",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106683"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-19012",
        "datePublished": "2019-01-28T21:00:00.000Z",
        "dateReserved": "2018-11-06T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:08:49.934Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }