Description
Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send such malformed packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.
Published: 2026-06-03
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability enables an attacker to send a malformed network packet that triggers an unexpected reboot in Dräger SC monitoring devices. The reboot causes the device to revert to its default configuration and lose network connectivity, disrupting patient monitoring. The effect is a loss of availability of critical monitoring, which can compromise patient safety.

Affected Systems

Affected products include Dräger SC 6002XL, SC 6802XL, SC 7000, SC 8000, and SC 9000 XL across all software versions.

Risk and Exploitability

The CVSS score of 7.1 indicates a moderate to high severity. The EPSS score is not available, so the likelihood of exploitation cannot be quantified, but the attack vector is network-based and does not require authentication, allowing widespread potential exploitation. The vulnerability is not listed in the CISA KEV catalog. An attacker could repeatedly send malformed packets to deny service until the device resets to default settings, severely impacting the availability of patient monitoring.

Generated by OpenCVE AI on June 3, 2026 at 18:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the firmware update or patch provided by Dräger as detailed in the official security advisory PDF.
  • Restrict network access to the SC devices by implementing firewall rules or network segmentation to limit exposure to untrusted sources.
  • Monitor device logs and reboot events to detect and respond to anomalous activity promptly.

Generated by OpenCVE AI on June 3, 2026 at 18:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Draeger
Draeger sc6802xl
Draeger sc8000
Draeger sc90000 Xl
Draeger sc 6002xl
Draeger sc 7000
Vendors & Products Draeger
Draeger sc6802xl
Draeger sc8000
Draeger sc90000 Xl
Draeger sc 6002xl
Draeger sc 7000

Wed, 03 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 03 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send such malformed packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.
Title Dräger SC Monitoring Devices DoS via Malformed Network Packet
Weaknesses CWE-1286
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Draeger Sc6802xl Sc8000 Sc90000 Xl Sc 6002xl Sc 7000
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-03T17:44:47.456Z

Reserved: 2026-06-02T14:22:01.500Z

Link: CVE-2019-25720

cve-icon Vulnrichment

Updated: 2026-06-03T17:44:28.963Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-03T18:16:15.910

Modified: 2026-06-04T15:29:14.323

Link: CVE-2019-25720

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T08:30:24Z

Weaknesses
  • CWE-1286

    Improper Validation of Syntactic Correctness of Input