CVE-2017-12712

moderate-risk

Published 2018-04-25

The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

Do I need to act?

0.38% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

ADJACENT_NETWORK / LOW complexity

Affected Products (7)

Accent Firmware

Anthem Firmware

Accent Mri Firmware

Accent St Firmware

Assurity Firmware

Allure Firmware

Assurity Mri Firmware

Affected Vendors

Abbott

References (4)

Third Party Advisory http://www.securityfocus.com/bid/100523

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01

Third Party Advisory http://www.securityfocus.com/bid/100523

Third Party Advisory https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01

/ 100

moderate-risk

Severity 27/34 · High

Exploitability 1/34 · Minimal

Exposure 14/34 · Moderate