Description
Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.
Published: 2026-06-01
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to send malformed network packets to a Dräger Infinity Delta, Delta XL, or Kappa patient monitor, causing the device to reboot. This results in a temporary loss of patient monitoring and network connectivity until the monitor restores its default configuration, which can seriously compromise patient safety.

Affected Systems

The affected devices are the Dräger Infinity Delta, Dräger Infinity Delta XL, and Dräger Infinity Kappa patient monitors. No specific firmware or model numbers are listed, so all current units of these product lines are potentially vulnerable.

Risk and Exploitability

The CVSS score of 7.1 classifies this as a high‑severity denial‑of‑service flaw. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, indicating no confirmed widespread exploitation yet. The attack requires remote network access to the device and can be repeated by sending malformed packets, forcing the monitor to reboot repeatedly. Without an official patch or workaround, the monitors remain at risk of disruptive reboot cycles that could jeopardize critical patient monitoring services.

Generated by OpenCVE AI on June 1, 2026 at 22:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware update from Dräger that fixes the malformed packet handling issue (CWE-15).
  • Configure the device to operate on a tightly controlled network segment, limiting inbound traffic to only trusted sources and reducing the risk of malformed packet attacks (CWE-15).
  • Monitor device logs for repeated malformed packet events and reboot or isolate the system promptly when such activity is detected.

Generated by OpenCVE AI on June 1, 2026 at 22:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://static.draeger.com/security cve-icon cve-icon
History

Tue, 02 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 21:45:00 +0000

Type Values Removed Values Added
Description Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.
Title Dräger Infinity Delta/Kappa Patient Monitor DoS via Malformed Network Packet
Weaknesses CWE-15
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-02T15:45:56.330Z

Reserved: 2026-06-01T20:44:47.913Z

Link: CVE-2019-25716

cve-icon Vulnrichment

Updated: 2026-06-02T15:12:55.315Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-01T22:16:17.170

Modified: 2026-06-02T14:50:44.670

Link: CVE-2019-25716

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T23:00:16Z

Weaknesses