We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-48967

Life2000 ventilator and Service PC lack sufficient audit logging capabilities



Description

The ventilator and the Service PC lack sufficient audit logging capabilities to allow for detection of malicious activity and subsequent forensic examination. An attacker with access to the ventilator and/or the Service PC could, without detection, make unauthorized changes to ventilator settings that result in unauthorized disclosure of information and/or have unintended impacts on device performance.

Reserved 2024-10-10 | Published 2024-11-14 | Updated 2024-11-14 | Assigner Baxter


CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-778: Insufficient Logging

Product status

Default status
unaffected

06.08.00.00 and prior
affected

References

www.cisa.gov/news-events/ics-medical-advisories/icsma-24-319-01

cve.org (CVE-2024-48967)

nvd.nist.gov (CVE-2024-48967)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-48967

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat
Subscribe to our newsletter to learn more about our work.