CVE Catalog

CVE-2019-25716

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.41%

33th percentile - higher than 33% of all known CVEs

Summary

A denial-of-service vulnerability in Dräger Infinity Delta, Delta XL, and Kappa patient monitors allows remote attackers to cause a device reboot by sending a malformed network packet. Repeated attacks can disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.

Risk Assessment

The risk involves interruption of continuous patient vital signs monitoring, potentially leading to delays in detecting life-threatening conditions and endangering patient safety.

Recommendation

Immediately update the monitor firmware to a patched version and restrict network access to these devices to trusted hosts only.

Original NVD description (English source)

Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS