{ "CVE_data_meta" : { "ASSIGNER" : "ics-cert@hq.dhs.gov", "DATE_PUBLIC" : "2017-08-29T00:00:00", "ID" : "CVE-2017-12712", "STATE" : "PUBLIC" }, "affects" : { "vendor" : { "vendor_data" : [ { "product" : { "product_data" : [ { "product_name" : "Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI.", "version" : { "version_data" : [ { "version_value" : "All versions of pacemakers manufactured prior to August 28, 2017" } ] } } ] }, "vendor_name" : "Abbott Laboratories" } ] } }, "data_format" : "MITRE", "data_type" : "CVE", "data_version" : "4.0", "description" : { "description_data" : [ { "lang" : "eng", "value" : "The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities." } ] }, "problemtype" : { "problemtype_data" : [ { "description" : [ { "lang" : "eng", "value" : "Improper authentication CWE-287" } ] } ] }, "references" : { "reference_data" : [ { "name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01", "refsource" : "MISC", "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01" }, { "name" : "100523", "refsource" : "BID", "url" : "http://www.securityfocus.com/bid/100523" } ] } }