Description
Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files.
Published: 2026-06-02
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability permits unauthenticated network attackers to read log files stored on Dräger Infinity Delta, Delta XL, and Kappa patient monitors. These logs contain device internals, location data, and wired network configuration details, which, if accessed, could expose sensitive operational information and enable further reconnaissance. Thus the primary impact is confidentiality compromise.

Affected Systems

Systems affected are Dräger Infinity Delta, Infinity Delta XL, and Infinity Kappa patient monitors. No specific firmware or software version details are provided, so any unit running these hardware models is potentially vulnerable.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, but the absence of an EPSS value means the current exploitation probability is unknown. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit the flaw from any network location that can reach the monitor, the interface type (wired or wireless) is not specified in the CVE data, so it is inferred that the typical attack vector involves local wired access. This inference is not confirmed by the CVE source.

Generated by OpenCVE AI on June 2, 2026 at 15:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest firmware version that removes unsecured log file exposure, as released by Dräger.
  • Configure network segmentation or firewall rules to restrict access to the patient monitor only to trusted local devices.
  • If the firmware upgrade is delayed, disable remote log access if the device configuration allows it, or alter log file permissions so that unauthenticated users cannot read them.
  • Monitor network traffic and device logs for signs of unauthorized access and review log retention policies to limit sensitive data exposure.

Generated by OpenCVE AI on June 2, 2026 at 15:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
First Time appeared Draeger
Draeger infinity Delta
Draeger infinity Kappa
Vendors & Products Draeger
Draeger infinity Delta
Draeger infinity Kappa

Tue, 02 Jun 2026 14:15:00 +0000

Type Values Removed Values Added
Description Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files.
Title Dräger Infinity Delta/Kappa Patient Monitors Unauthenticated Log File Disclosure
Weaknesses CWE-538
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Draeger Infinity Delta Infinity Kappa
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-03T13:46:03.638Z

Reserved: 2026-06-01T21:15:41.689Z

Link: CVE-2019-25717

cve-icon Vulnrichment

Updated: 2026-06-03T13:45:58.848Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-02T14:16:24.953

Modified: 2026-06-02T14:40:32.283

Link: CVE-2019-25717

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T20:51:18Z

Weaknesses