cvelist/2017/12xxx/CVE-2017-12716.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "ics-cert@hq.dhs.gov",
      "DATE_PUBLIC" : "2017-08-29T00:00:00",
      "ID" : "CVE-2017-12716",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "Accent and Anthem",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "All versions of pacemakers manufactured prior to August 28, 2017"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "Abbott Laboratories"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "Missing encryption of sensitive data CWE-311"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01",
            "refsource" : "MISC",
            "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"
         },
         {
            "name" : "100523",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/100523"
         }
      ]
   }
}
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`{`
			`"CVE_data_meta" : {`
- Added submissions from ICS-CERT for ICSMA-17-241-01 from 2018-04-24. 2018-04-25 08:36:16 -04:00			`"ASSIGNER" : "ics-cert@hq.dhs.gov",`
			`"DATE_PUBLIC" : "2017-08-29T00:00:00",`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`"ID" : "CVE-2017-12716",`
- Added submissions from ICS-CERT for ICSMA-17-241-01 from 2018-04-24. 2018-04-25 08:36:16 -04:00			`"STATE" : "PUBLIC"`
			`},`
			`"affects" : {`
			`"vendor" : {`
			`"vendor_data" : [`
			`{`
			`"product" : {`
			`"product_data" : [`
			`{`
			`"product_name" : "Accent and Anthem",`
			`"version" : {`
			`"version_data" : [`
			`{`
			`"version_value" : "All versions of pacemakers manufactured prior to August 28, 2017"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name" : "Abbott Laboratories"`
			`}`
			`]`
			`}`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`},`
			`"data_format" : "MITRE",`
			`"data_type" : "CVE",`
			`"data_version" : "4.0",`
			`"description" : {`
			`"description_data" : [`
			`{`
			`"lang" : "eng",`
- Added submissions from ICS-CERT for ICSMA-17-241-01 from 2018-04-24. 2018-04-25 08:36:16 -04:00			`"value" : "Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities."`
			`}`
			`]`
			`},`
			`"problemtype" : {`
			`"problemtype_data" : [`
			`{`
			`"description" : [`
			`{`
			`"lang" : "eng",`
			`"value" : "Missing encryption of sensitive data CWE-311"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references" : {`
			`"reference_data" : [`
			`{`
- Synchronized data. 2018-04-25 09:04:13 -04:00			`"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01",`
			`"refsource" : "MISC",`
- Added submissions from ICS-CERT for ICSMA-17-241-01 from 2018-04-24. 2018-04-25 08:36:16 -04:00			`"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01"`
- Synchronized data. 2018-04-26 06:05:34 -04:00			`},`
			`{`
			`"name" : "100523",`
			`"refsource" : "BID",`
			`"url" : "http://www.securityfocus.com/bid/100523"`
- Populated repo from CVE List. 2017-10-16 12:31:07 -04:00			`}`
			`]`
			`}`
			`}`