CVE-2019-25723
MEDIUMDräger Perseus A500 2.00-2.02 DoS via Medibus Interface
Title source: cnaDescription
Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal processor with malformed data to trigger a warm restart, causing ventilation pressure to drop to ambient level and interrupting ventilation for several seconds before therapy resumes.
References (3)
Core 3
Core References
Vendor Advisory vendor-advisory
https://static.draeger.com/security
Vendor Advisory vendor-advisory
https://static.draeger.com/security/download/2020-06-PSA-20-169-01-Security-Advisory-Perseus-A500-SW20n.pdf
Third Party Advisory third-party-advisory
https://www.vulncheck.com/advisories/dr-ger-perseus-a500-dos-via-medibus-interface
Scores
CVSS v3
4.0
EPSS
0.0024
EPSS Percentile
14.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-1286
Status
published
Products (5)
Dräger/Perseus A500
2.00
Dräger/Perseus A500
2.00 - VG2.3.1
Dräger/Perseus A500
2.01
Dräger/Perseus A500
2.02
Dräger/Perseus A500
2.03
Published
Jun 02, 2026
Tracked Since
Jun 03, 2026