{"containers": {"cna": {"affected": [{"product": "Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI.", "vendor": "Abbott Laboratories", "versions": [{"status": "affected", "version": "All versions of pacemakers manufactured prior to August 28, 2017"}]}], "datePublic": "2017-08-29T00:00:00", "descriptions": [{"lang": "en", "value": "The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "Improper authentication CWE-287", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-04-26T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"}, {"name": "100523", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100523"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2017-08-29T00:00:00", "ID": "CVE-2017-12712", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI.", "version": {"version_data": [{"version_value": "All versions of pacemakers manufactured prior to August 28, 2017"}]}}]}, "vendor_name": "Abbott Laboratories"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper authentication CWE-287"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"}, {"name": "100523", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100523"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:43:56.613Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"}, {"name": "100523", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100523"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-12712", "datePublished": "2018-04-25T13:00:00Z", "dateReserved": "2017-08-09T00:00:00", "dateUpdated": "2024-09-17T03:48:37.996Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abbott:accent_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFF25F4E-CF32-41A5-9AEC-5CF2A1D70732", "versionEndExcluding": "f0b.0e.7e", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abbott:accent:-:*:*:*:*:*:*:*", "matchCriteriaId": "7261AA88-1BD6-4CDF-AFC0-31FD7F52B9E7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abbott:anthem_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6C940D7-5EA3-4D42-8FFE-0C38D2D0065E", "versionEndExcluding": "f0b.0e.7e", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abbott:anthem:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B28402F-D4DF-448B-8ED3-676E0B438331", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abbott:accent_mri_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFC7CD6D-57F8-4479-A25C-9B9937FD3793", "versionEndExcluding": "f10.08.6c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abbott:accent_mri:-:*:*:*:*:*:*:*", "matchCriteriaId": "C752B8AA-8990-43DE-AB8B-57329E1E0AE1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abbott:accent_st_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3CCA1805-9253-4267-ACE9-B9F3BBB1549A", "versionEndExcluding": "f10.08.6c", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abbott:accent_st:-:*:*:*:*:*:*:*", "matchCriteriaId": "794620AF-C8D5-4511-B4AF-5E8B4347F558", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abbott:assurity_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0BF37E32-78D2-48CD-BF19-17533E3CB5DF", "versionEndExcluding": "f14.07.80", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abbott:assurity:-:*:*:*:*:*:*:*", "matchCriteriaId": "83B2EBFC-FB8A-402E-8C5C-118D4362B143", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abbott:allure_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "858B3E80-0179-4AD7-BC32-3AA87A7341C6", "versionEndExcluding": "f14.07.80", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abbott:allure:-:*:*:*:*:*:*:*", "matchCriteriaId": "65B30268-EC36-42C3-8028-D345DC22A3DC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:abbott:assurity_mri_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "95E52CB5-DB4A-42FE-B963-CE891D3C1A95", "versionEndExcluding": "f17.01.49", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:abbott:assurity_mri:-:*:*:*:*:*:*:*", "matchCriteriaId": "43025EB2-8644-4BC5-BC3D-D67305C504B7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."}, {"lang": "es", "value": "El algoritmo de autenticaci\u00f3n en los marcapasos de Abbott Laboratories fabricados antes del 28 de agosto de 2017, que est\u00e1 relacionado con una clave de autenticaci\u00f3n y una marca de tiempo, puede comprometerse u omitirse. Esto puede permitir que un atacante cercano env\u00ede comandos no autorizados al marcapasos mediante comunicaciones de radiofrecuencia. Puntuaci\u00f3n base de CVSS v3: 7.5, cadena de vector CVSS: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott ha desarrollado una actualizaci\u00f3n de firmware para ayudar a mitigar las vulnerabilidades identificadas."}], "id": "CVE-2017-12712", "lastModified": "2019-10-09T23:23:11.170", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-25T13:29:00.227", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100523"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}

{}