CVE-2017-12716
MEDIUMAbbott Accent Firmware < f0b.0e.7e - Cleartext Transmission
Title source: ruleDescription
Abbott Laboratories Accent and Anthem pacemakers manufactured prior to Aug 28, 2017 transmit unencrypted patient information via RF communications to programmers and home monitoring units. Additionally, the Accent and Anthem pacemakers store the optional patient information without encryption. CVSS v3 base score: 3.1, CVSS vector string: AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Abbott has developed a firmware update to help mitigate the identified vulnerabilities.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSMA-17-241-01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100523
Scores
CVSS v3
6.5
EPSS
0.0004
EPSS Percentile
10.5%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-319
CWE-311
Status
published
Products (4)
abbott/accent_firmware
< f0b.0e.7e
abbott/accent_mri_firmware
< f10.08.6c
abbott/accent_st_firmware
< f10.08.6c
abbott/anthem_firmware
< f0b.0e.7e
Published
Apr 25, 2018
Tracked Since
Feb 18, 2026