CVE-2020-15485

An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory stores data in cleartext, without integrity protection against tampering.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
VendorProductVersion
niscomedm1000_multipara_patient_monitor_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://payatu.com/advisory/lack-of-medical-data-encryption-in-dr-trust-ecg-or-ekg-pen
https://www.niscomed.com/multipara-monitor.html
https://payatu.com/advisory/lack-of-medical-data-encryption-in-dr-trust-ecg-or-ekg-pen
https://www.niscomed.com/multipara-monitor.html