ID

VAR-202006-1820


CVE

CVE-2019-18254


TITLE

BIOTRONIK CardioMessenger II Vulnerability regarding lack of encryption of critical data in

Trust: 0.8

sources: JVNDB: JVNDB-2019-015744

DESCRIPTION

In BIOTRONIK CardioMessenger II, the affected products do not encrypt sensitive information at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number of the implanted cardiac device the CardioMessenger is paired with. BIOTRONIK CardioMessenger II contains a vulnerability related to the lack of encryption of critical data. Information may be obtained. Biotronik CardioMessenger II-S is a portable medical monitoring device from the German company Biotronik, mainly used to monitor implantable devices such as cardiac pacemakers. Security vulnerabilities exist in Biotronik CardioMessenger II-S T-Line T4APP version 2.20 and II-S GSM T4APP version 2.20.

Trust: 2.7

sources: NVD: CVE-2019-18254 // JVNDB: JVNDB-2019-015744 // CNVD: CNVD-2020-52055 // CNNVD: CNNVD-202006-1215

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-52055

AFFECTED PRODUCTS

vendor: biotronik, model: cardiomessenger ii-s t-line, scope: eq, version: 2.20

Trust: 1.0

vendor: biotronik, model: cardiomessenger ii-s gsm, scope: eq, version: 2.20

Trust: 1.0

vendor: biotronik, model: cardiomessenger ii-s gsm, scope: -, version: -

Trust: 0.8

vendor: biotronik, model: cardiomessenger ii-s t-line, scope: -, version: -

Trust: 0.8

vendor: biotronik, model: cardiomessenger ii-s t-line t4app, scope: eq, version: 2.20

Trust: 0.6

vendor: biotronik, model: cardiomessenger ii-s gsm t4app, scope: eq, version: 2.20

Trust: 0.6

sources: CNVD: CNVD-2020-52055 // JVNDB: JVNDB-2019-015744 // NVD: CVE-2019-18254

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-18254
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2019-015744
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-52055
value: LOW

Trust: 0.6

CNNVD: CNNVD-202006-1215
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-18254
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2019-015744
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-52055
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2019-18254
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2019-015744
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-52055 // JVNDB: JVNDB-2019-015744 // CNNVD: CNNVD-202006-1215 // NVD: CVE-2019-18254

PROBLEMTYPE DATA

problemtype:CWE-311

Trust: 1.8

problemtype:CWE-312

Trust: 1.0

sources: JVNDB: JVNDB-2019-015744 // NVD: CVE-2019-18254

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202006-1215

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-015744

PATCH

title: Top Page, url: https://www.biotronik.com/en-de

Trust: 0.8

sources: JVNDB: JVNDB-2019-015744

EXTERNAL IDS

db: ICS CERT, id: ICSMA-20-170-05

Trust: 3.0

db: NVD, id: CVE-2019-18254

Trust: 3.0

db: JVN, id: JVNVU97042917

Trust: 0.8

db: JVNDB, id: JVNDB-2019-015744

Trust: 0.8

db: CNVD, id: CNVD-2020-52055

Trust: 0.6

db: AUSCERT, id: ESB-2020.2144

Trust: 0.6

db: NSFOCUS, id: 47305

Trust: 0.6

db: CNNVD, id: CNNVD-202006-1215

Trust: 0.6

sources: CNVD: CNVD-2020-52055 // JVNDB: JVNDB-2019-015744 // CNNVD: CNNVD-202006-1215 // NVD: CVE-2019-18254

REFERENCES

url:https://www.us-cert.gov/ics/advisories/icsma-20-170-05

Trust: 2.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-18254

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18254

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsma-20-170-05

Trust: 0.8

url:https://jvn.jp/vu/jvnvu97042917/index.html

Trust: 0.8

url:http://www.nsfocus.net/vulndb/47305

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2144/

Trust: 0.6

sources: CNVD: CNVD-2020-52055 // JVNDB: JVNDB-2019-015744 // CNNVD: CNNVD-202006-1215 // NVD: CVE-2019-18254

CREDITS

Guillaume Bour, Marie Moe, Anniken Wium Lie

Trust: 0.6

sources: CNNVD: CNNVD-202006-1215

SOURCES

db: CNVD, id: CNVD-2020-52055
db: JVNDB, id: JVNDB-2019-015744
db: CNNVD, id: CNNVD-202006-1215
db: NVD, id: CVE-2019-18254

LAST UPDATE DATE

2024-08-14T13:24:24.741000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-52055, date: 2020-09-15T00:00:00
db: JVNDB, id: JVNDB-2019-015744, date: 2020-08-12T00:00:00
db: CNNVD, id: CNNVD-202006-1215, date: 2021-11-02T00:00:00
db: NVD, id: CVE-2019-18254, date: 2021-10-29T19:14:04.820

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-52055, date: 2020-09-15T00:00:00
db: JVNDB, id: JVNDB-2019-015744, date: 2020-08-12T00:00:00
db: CNNVD, id: CNNVD-202006-1215, date: 2020-06-18T00:00:00
db: NVD, id: CVE-2019-18254, date: 2020-06-29T14:15:10.710