Improper Restriction of Power Consumption

CVE-2017-12714

Medium

6.5/10

Summary

Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do not restrict or limit the number of correctly formatted "RF wake-up" commands that can be received, which may allow a nearby attacker to repeatedly send commands to reduce pacemaker battery life. CVSS v3 base score: 5.3, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

Attack Complexity: LOW
Attack Vector: ADJACENT_NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-920 - Improper Restriction of Power Consumption

The software operates in an environment in which power is a limited resource that cannot be automatically replenished, but the software does not properly restrict the amount of power that its operation consumes.

References

Advisory Timeline

Published Apr 25, 2018

Improper Restriction of Power Consumption

CVE-2017-12714

Summary

CWE-920 - Improper Restriction of Power Consumption

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS