CVE-2020-27260

MEDIUM

Innokas Vital Signs Monitor VC150 <1.7.15 - Code Injection

Title source: llm
STIX 2.1

Description

Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 HL7 v2.x injection vulnerabilities exist in the affected products that allow physically proximate attackers with a connected barcode reader to inject HL7 v2.x segments into specific HL7 v2.x messages via multiple expected parameters.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsma-21-007-01

Scores

CVSS v3 5.3
EPSS 0.0043
EPSS Percentile 34.7%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Details

CWE
CWE-74
Status published
Products (1)
innokasmedical/vital_signs_monitor_vc150_firmware < 1.7.15
Published Jan 08, 2021
Tracked Since Feb 18, 2026