CVE-2019-18254
MEDIUMBIOTRONIK CardioMessenger II-S GSM and T-Line Firmware - Cleartext Storage of Sensitive Information
Title source: llmDescription
BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsma-20-170-05
Scores
CVSS v3
4.6
EPSS
0.0023
EPSS Percentile
13.0%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-312
CWE-311
Status
published
Products (2)
biotronik/cardiomessenger_ii-s_gsm_firmware
2.20
biotronik/cardiomessenger_ii-s_t-line_firmware
2.20
Published
Jun 29, 2020
Tracked Since
Feb 18, 2026