CVE-2021-38400 - OpenCVE

An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.

No CVSS v4.0

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bostonscientific	Zoom Latitude Pogrammer\/recorder\/monitor 3120 Zoom Latitude Pogrammer\/recorder\/monitor 3120 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:bostonscientific:zoom_latitude_pogrammer\/recorder\/monitor_3120_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:bostonscientific:zoom_latitude_pogrammer\/recorder\/monitor_3120:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2021-10-04T17:35:28.144047Z

Updated: 2024-09-16T23:31:04.619Z

Reserved: 2021-08-10T00:00:00

Link: CVE-2021-38400

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-04T18:15:09.330

Modified: 2021-10-13T17:55:17.807

Link: CVE-2021-38400

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "ZOOM LATITUDE", "vendor": "Boston Scientific", "versions": [{"status": "affected", "version": "Model 3120"}]}], "credits": [{"lang": "en", "value": "Endres Puschner - Max Planck Institute for Security and Privacy, Bochum, Christoph Saatjohann - FH M\u00fcnster University of Applied Sciences, Christian Dresen - FH M\u00fcnster University of Applied Sciences, and Markus Willing - University of Muenster, discovered these issues as part of broader academic research of cardiac devices and reported them to Boston Scientific."}], "datePublic": "2021-09-30T00:00:00", "descriptions": [{"lang": "en", "value": "An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-916", "description": "CWE-916 Use of Password Hash With Insufficient Computational Effort", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-04T17:35:28", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01"}], "source": {"advisory": "ICSMA-21-273-01", "defect": ["CWE-916"], "discovery": "EXTERNAL"}, "title": "Use of Password Hash with Insufficient Computational Effort for Boston Scientific Zoom Latitude", "workarounds": [{"lang": "en", "value": "Boston Scientific is in the process of transitioning all users to a replacement programmer with enhanced security, the LATITUDE Programming System, Model 3300. Boston Scientific will not issue a product update to address the identified vulnerabilities in the ZOOM LATITUDE Programming System, Model 3120."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2021-09-30T21:02:00.000Z", "ID": "CVE-2021-38400", "STATE": "PUBLIC", "TITLE": "Use of Password Hash with Insufficient Computational Effort for Boston Scientific Zoom Latitude"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ZOOM LATITUDE", "version": {"version_data": [{"version_value": "Model 3120"}]}}]}, "vendor_name": "Boston Scientific"}]}}, "credit": [{"lang": "eng", "value": "Endres Puschner - Max Planck Institute for Security and Privacy, Bochum, Christoph Saatjohann - FH M\u00fcnster University of Applied Sciences, Christian Dresen - FH M\u00fcnster University of Applied Sciences, and Markus Willing - University of Muenster, discovered these issues as part of broader academic research of cardiac devices and reported them to Boston Scientific."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-916 Use of Password Hash With Insufficient Computational Effort"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01"}]}, "source": {"advisory": "ICSMA-21-273-01", "defect": ["CWE-916"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Boston Scientific is in the process of transitioning all users to a replacement programmer with enhanced security, the LATITUDE Programming System, Model 3300. Boston Scientific will not issue a product update to address the identified vulnerabilities in the ZOOM LATITUDE Programming System, Model 3120."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:37:16.609Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-38400", "datePublished": "2021-10-04T17:35:28.144047Z", "dateReserved": "2021-08-10T00:00:00", "dateUpdated": "2024-09-16T23:31:04.619Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:bostonscientific:zoom_latitude_pogrammer\\/recorder\\/monitor_3120_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9D9AC21-FFE0-4A10-A236-04957BFCE2A3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:bostonscientific:zoom_latitude_pogrammer\\/recorder\\/monitor_3120:-:*:*:*:*:*:*:*", "matchCriteriaId": "3CA3DB8D-C7B6-4276-BD8B-16C2EFDB5474", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password."}, {"lang": "es", "value": "Un atacante con acceso f\u00edsico al Boston Scientific Zoom Latitude Modelo 3120 puede retirar la unidad de disco duro o crear un USB especialmente dise\u00f1ado para extraer el hash de contrase\u00f1a para realizar ingenier\u00eda inversa por fuerza bruta de la contrase\u00f1a del sistema"}], "id": "CVE-2021-38400", "lastModified": "2021-10-13T17:55:17.807", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.4, "impactScore": 6.0, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2021-10-04T18:15:09.330", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-916"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-916"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}