CVE-2019-25717
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
A vulnerability in Dräger Infinity Delta, Delta XL, and Kappa patient monitors allows unauthenticated network attackers to access log files. Attackers can retrieve device internals, location information, and wired network configuration details.
Risk Assessment
The risk involves exposure of sensitive data such as device location and network configuration, which could facilitate further attacks on hospital infrastructure.
Recommendation
Immediately update the monitor firmware to the latest version and restrict network access to these devices to trusted hosts only.
Original NVD description (English source)
Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain an information disclosure vulnerability that allows unauthenticated network attackers to access log files over a network connection. Attackers can retrieve device internals, location information, and wired network configuration details from the exposed log files.

