Skip to main content

Missing XML Validation

CVE-2020-27282

Severity Medium
Score 4.3/10

Summary

In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files.

  • LOW
  • PHYSICAL
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • NONE
  • HIGH

CWE-112 - Missing XML Validation

The software accepts XML from an untrusted source but does not validate the XML against the proper schema.

References

Advisory Timeline

  • Published