CVE-2017-14018
MEDIUMJohnson & Johnson Ethicon Endo-Surgery Generator Gen11 - Auth Bypass
Title source: llmDescription
An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101978
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSMA-17-332-01
Scores
CVSS v3
4.8
EPSS
0.0036
EPSS Percentile
28.4%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
Details
CWE
CWE-287
Status
published
Products (2)
ethicon/endo-surgery_generator_gen11_firmware
n/a/Ethicon Endo-Surgery Generator G11
Ethicon Endo-Surgery Generator G11
Published
Dec 05, 2017
Tracked Since
Feb 18, 2026