On-Chip Debug and Test Interface With Improper Access Control

CVE-2024-48970

High

9.3/10

Summary

The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control

The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.

References

Advisory Timeline

Published Nov 14, 2024

On-Chip Debug and Test Interface With Improper Access Control

CVE-2024-48970

Summary

CWE-1191 - On-Chip Debug and Test Interface With Improper Access Control

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS