Description
Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network can send malformed SDC packets to exhaust CPU resources in the affected process, causing further SDC messages to no longer be processed.
Published: 2026-06-02
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 allows an attacker with network adjacent access to send specially crafted, unencrypted SDC messages during the service discovery process. These malformed packets cause the target process to experience excessive CPU load, ultimately preventing it from processing further SDC messages and leading to a denial of service. The weakness is a classic case of resource exhaustion (CWE-400).

Affected Systems

Affected systems include Dräger Core version 1.0.5 and Dräger M540 Converter Service version 1.0.9. No additional vendor product versions are listed in the CNA data.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, but the EPSS score is unavailable, so the likelihood of exploitation cannot be quantified. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is likely network adjacent, requiring the attacker to be able to send SDC packets to the target machine. The exploitation path is straightforward: send a malformed SDC packet, trigger CPU exhaustion, and disrupt service availability.

Generated by OpenCVE AI on June 3, 2026 at 03:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Block or rate‑limit SDC traffic originating from untrusted or unknown hosts to reduce the likelihood of injected malformed packets reaching the target
  • Apply any vendor-released patch or update for Dräger Core 1.0.5 or M540 Converter Service 1.0.9 as soon as it becomes available
  • Continuously monitor CPU usage on affected hosts and be prepared to restart or reset the service if abnormal load spikes are observed

Generated by OpenCVE AI on June 3, 2026 at 03:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
References

Wed, 03 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
References

Wed, 03 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 03 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Draeger
Draeger core
Draeger m540 Converter Service
Vendors & Products Draeger
Draeger core
Draeger m540 Converter Service

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network can send malformed SDC packets to exhaust CPU resources in the affected process, causing further SDC messages to no longer be processed.
Title Dräger Core 1.0.5 Denial of Service via Malformed SDC Message
Weaknesses CWE-400
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Draeger Core M540 Converter Service
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-03T20:19:30.418Z

Reserved: 2026-06-02T21:19:56.497Z

Link: CVE-2024-14036

cve-icon Vulnrichment

Updated: 2026-06-03T13:33:48.672Z

cve-icon NVD

Status : Received

Published: 2026-06-02T22:16:15.820

Modified: 2026-06-03T20:16:18.073

Link: CVE-2024-14036

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T10:54:41Z

Weaknesses