ID

VAR-202006-0827


CVE

CVE-2019-18252


TITLE

Authentication vulnerability in BIOTRONIK CardioMessenger II

Trust: 0.8

sources: JVNDB: JVNDB-2019-015751

DESCRIPTION

The affected BIOTRONIK CardioMessenger II products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure. BIOTRONIK CardioMessenger II contains an authentication vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Biotronik CardioMessenger II-S is a portable medical monitoring device from the German company Biotronik. It is mainly used to monitor implantable devices such as cardiac pacemakers. The Biotronik CardioMessenger II-S T-Line T4APP version 2.20 and II-S GSM T4APP version 2.20 have an authorization issue vulnerability that results from the program using the same credentials for multiple authentications.

Trust: 2.7

sources: NVD: CVE-2019-18252 // JVNDB: JVNDB-2019-015751 // CNVD: CNVD-2020-52056 // CNNVD: CNNVD-202006-1217

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-52056

AFFECTED PRODUCTS

vendor: biotronik, model: cardiomessenger ii-s t-line, scope: eq, version: 2.20

Trust: 1.0

vendor: biotronik, model: cardiomessenger ii-s gsm, scope: eq, version: 2.20

Trust: 1.0

vendor: biotronik, model: cardiomessenger ii-s gsm, scope: -, version: -

Trust: 0.8

vendor: biotronik, model: cardiomessenger ii-s t-line, scope: -, version: -

Trust: 0.8

vendor: biotronik, model: cardiomessenger ii-s t-line t4app, scope: eq, version: 2.20

Trust: 0.6

vendor: biotronik, model: cardiomessenger ii-s gsm t4app, scope: eq, version: 2.20

Trust: 0.6

sources: CNVD: CNVD-2020-52056 // JVNDB: JVNDB-2019-015751 // NVD: CVE-2019-18252

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18252
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015751
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-52056
value: LOW

Trust: 0.6

CNNVD: CNNVD-202006-1217
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-18252
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015751
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-52056
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-18252
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015751
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-52056 // JVNDB: JVNDB-2019-015751 // CNNVD: CNNVD-202006-1217 // NVD: CVE-2019-18252

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.8

sources: JVNDB: JVNDB-2019-015751 // NVD: CVE-2019-18252

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202006-1217

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202006-1217

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015751

PATCH

title: Top Page, url: https://www.biotronik.com/en-de

Trust: 0.8

sources: JVNDB: JVNDB-2019-015751

EXTERNAL IDS

db: ICS CERT, id: ICSMA-20-170-05

Trust: 3.0

db: NVD, id: CVE-2019-18252

Trust: 3.0

db: JVN, id: JVNVU97042917

Trust: 0.8

db: JVNDB, id: JVNDB-2019-015751

Trust: 0.8

db: CNVD, id: CNVD-2020-52056

Trust: 0.6

db: AUSCERT, id: ESB-2020.2144

Trust: 0.6

db: NSFOCUS, id: 47307

Trust: 0.6

db: CNNVD, id: CNNVD-202006-1217

Trust: 0.6

sources: CNVD: CNVD-2020-52056 // JVNDB: JVNDB-2019-015751 // CNNVD: CNNVD-202006-1217 // NVD: CVE-2019-18252

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsma-20-170-05

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-18252

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18252

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsma-20-170-05

Trust: 0.8

url:https://jvn.jp/vu/jvnvu97042917/index.html

Trust: 0.8

url:http://www.nsfocus.net/vulndb/47307

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2144/

Trust: 0.6

sources: CNVD: CNVD-2020-52056 // JVNDB: JVNDB-2019-015751 // CNNVD: CNNVD-202006-1217 // NVD: CVE-2019-18252

CREDITS

Guillaume Bour, Marie Moe, Anniken Wium Lie

Trust: 0.6

sources: CNNVD: CNNVD-202006-1217

SOURCES

db: CNVD, id: CNVD-2020-52056
db: JVNDB, id: JVNDB-2019-015751
db: CNNVD, id: CNNVD-202006-1217
db: NVD, id: CVE-2019-18252

LAST UPDATE DATE

2024-08-14T13:24:24.713000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-52056, date: 2021-02-23T00:00:00
db: JVNDB, id: JVNDB-2019-015751, date: 2020-08-14T00:00:00
db: CNNVD, id: CNNVD-202006-1217, date: 2021-04-07T00:00:00
db: NVD, id: CVE-2019-18252, date: 2021-04-06T17:16:57.730

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-52056, date: 2020-09-15T00:00:00
db: JVNDB, id: JVNDB-2019-015751, date: 2020-08-14T00:00:00
db: CNNVD, id: CNNVD-202006-1217, date: 2020-06-18T00:00:00
db: NVD, id: CVE-2019-18252, date: 2020-06-29T14:15:10.367