Description
Dräger Perseus A500 software versions 2.00 through 2.02 contain an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specially crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal processor with malformed data to trigger a warm restart, causing ventilation pressure to drop to ambient level and interrupting ventilation for several seconds before therapy resumes.
Published: 2026-06-02
Score: 6.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Dräger Perseus A500 software versions 2.00 through 2.02 results from improper handling of data received on the Medibus interface. When an attacker sends specially crafted, non‑Medibus‑compliant data, the device overloads its internal processor and performs a warm restart. This restart causes the ventilation pressure to fall to ambient level, interrupting the patient’s ventilation for multiple seconds before therapy resumes. The primary impact is a function‑disrupting denial of service on a critical medical device that can compromise patient safety.

Affected Systems

All Dräger Perseus A500 units running software versions 2.00 through 2.02 are vulnerable. No other Dräger software versions are listed as affected.

Risk and Exploitability

The CVSS score of 6.3 rates the issue as Medium severity. The EPSS score is not available, so the current exploitation probability is unclear. The vulnerability is not listed in the CISA KEV catalog, which suggests limited or no publicly known exploitation at the time of this analysis. Based on the description, the likely attack vector is external transmission of malicious data over the Medibus interface, which may require physical proximity or access to the interface’s communication channel. Once the attacker succeeds, the device performs a warm restart, interfering with patient ventilation for a critical period.

Generated by OpenCVE AI on June 3, 2026 at 03:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware or software update for Dräger Perseus A500 that includes fixed input handling on the Medibus interface.
  • Restrict physical and network access to the Medibus interface; only authorized personnel should be able to connect or transmit data.
  • Enable logging on the Medibus interface and configure alerts for malformed data or repeated warm restart events so that potential exploitation can be detected quickly.

Generated by OpenCVE AI on June 3, 2026 at 03:23 UTC.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type | Values Removed | Values Added
Description | | Dräger Perseus A500 software versions 2.00 through 2.02 contain an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specially crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal processor with malformed data to trigger a warm restart, causing ventilation pressure to drop to ambient level and interrupting ventilation for several seconds before therapy resumes.
Title | | Dräger Perseus A500 2.00-2.02 DoS via Medibus Interface
Weaknesses | | CWE-1286
References | |
Metrics | | cvssV3_1: {'score': 4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L'}
Metrics | | cvssV4_0: {'score': 6.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-02T19:00:19.249Z

Reserved: 2026-06-02T18:56:43.003Z

Link: CVE-2019-25723

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-02T20:16:23.830

Modified: 2026-06-02T20:16:23.830

Link: CVE-2019-25723

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T03:30:06Z

Weaknesses