CVE-2021-4479

MEDIUM

Dräger Atlan A350 1.00-1.01 DoS via Medibus Interface

Title source: cna

Description

Dräger Atlan A350 versions 1.00 up to and including 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload the internal processor, gradually disrupting device operation over several hours and causing loss of data transmission, delayed display of real-time curves, and deviation between displayed airway pressure values and screen curves.

References (4)

Core 4

Core References

Vendor Advisory vendor-advisory

https://static.draeger.com/security

https://www.vulncheck.com/advisories/dr-ger-atlan-a350-dos-via-medibus-interface

Vendor Advisory vendor-advisory

https://static.draeger.com/security/download/2021-05-04-PSA-21-124-1-Security-Advisory-Atlan.pdf

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/drager-atlan-a350-dos-via-medibus-interface

Scores

CVSS v3 4.0

EPSS 0.0024

EPSS Percentile 15.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1286

Status published

Products (5)

Dräger/Atlan A350 < 7.5.3

Dräger/Atlan A350 1.00 - 1.01

Dräger/Atlan A350 1.00 - 7.5.3

Dräger/Atlan A350 1.01

Dräger/Atlan A350 2.0

Published Jun 02, 2026

Tracked Since Jun 03, 2026