CVE-2017-12712

HIGH

Abbott Pacemaker Firmware - Improper Authentication via RF Communications

Title source: llm

Description

The authentication algorithm in Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017, which involves an authentication key and time stamp, can be compromised or bypassed, which may allow a nearby attacker to issue unauthorized commands to the pacemaker via RF communications. CVSS v3 base score: 7.5, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.

References (2)

Core 2

Core References

Third Party Advisory, US Government Resource x_refsource_misc

https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/100523

Scores

CVSS v3 8.8

EPSS 0.0108

EPSS Percentile 61.0%

Attack Vector ADJACENT_NETWORK

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-287

Status published

Products (7)

abbott/accent_firmware < f0b.0e.7e

abbott/accent_mri_firmware < f10.08.6c

abbott/accent_st_firmware < f10.08.6c

abbott/allure_firmware < f14.07.80

abbott/anthem_firmware < f0b.0e.7e

abbott/assurity_firmware < f14.07.80

abbott/assurity_mri_firmware < f17.01.49

Published Apr 25, 2018

Tracked Since Feb 18, 2026