CVE-2019-18254

MEDIUM

Biotronik Cardiomessenger Ii-s Gsm Firmware - Cleartext Storage

Title source: rule

Description

BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.

References (1)

[Third Party Advisory, US Government Resource] https://www.us-cert.gov/ics/advisories/icsma-20-170-05

Scores

CVSS v3 4.6

EPSS 0.0003

EPSS Percentile 8.7%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-312 CWE-311

Status published

Products (2)

biotronik/cardiomessenger_ii-s_gsm_firmware 2.20

biotronik/cardiomessenger_ii-s_t-line_firmware 2.20

Published Jun 29, 2020

Tracked Since Feb 18, 2026