CVE-2017-14018
low-risk
Published 2017-12-05
An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability.
Do I need to act?
-
0.14% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.8/10
Medium
PHYSICAL
/ HIGH complexity
Affected Products (1)
Endo-Surgery Generator Gen11 Firmware
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/101978
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-17-332-01
Third Party Advisory
http://www.securityfocus.com/bid/101978
Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-17-332-01
18
/ 100
low-risk
Severity
12/34 · Low
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal