Description
Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier contain a network-based denial of service vulnerability that allows attackers with access to the hospital or Infinity Network to repeatedly trigger device reboots until the device enters a fail state requiring manual restart. Attackers can exploit this vulnerability to cause loss of wireless network connectivity, temporary loss of patient monitoring, and interruption of alarm functionality until the device is manually recovered.
Published: 2026-06-02
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows network-based attackers with access to the hospital or Infinity Network to repeatedly trigger device reboots, eventually bringing the monitor into a fail state that requires a manual restart. This causes loss of wireless connectivity, temporary loss of patient monitoring, and interruption of alarm functionality until recovery.

Affected Systems

Dräger Infinity M300 patient-worn monitors running software version VG2.x or earlier are affected.

Risk and Exploitability

The CVSS score of 7.1 indicates a high impact severity, while the EPSS score is not available and the vulnerability is not listed in KEV. Exploitation requires network access to the device, so an attacker must be present on the hospital or Infinity network. Once triggered, repeated reboots can incapacitate monitoring for multiple patients, creating a significant operational risk.

Generated by OpenCVE AI on June 3, 2026 at 03:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Dräger Infinity M300 firmware update or patch if available.
  • Implement network segmentation and strict access control to limit internal traffic to the device.
  • Configure network monitoring and alerting to detect abnormal reboot activity and notify administrators.

Generated by OpenCVE AI on June 3, 2026 at 03:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier contain a network-based denial of service vulnerability that allows attackers with access to the hospital or Infinity Network to repeatedly trigger device reboots until the device enters a fail state requiring manual restart. Attackers can exploit this vulnerability to cause loss of wireless network connectivity, temporary loss of patient monitoring, and interruption of alarm functionality until the device is manually recovered.
Title Dräger Infinity M300 VG2.x Network-Based Denial of Service
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-02T19:11:51.652Z

Reserved: 2026-06-02T19:05:51.385Z

Link: CVE-2019-25724

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-02T20:16:23.960

Modified: 2026-06-02T20:16:23.960

Link: CVE-2019-25724

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T03:30:06Z

Weaknesses