CVE-2023-31222

EUVD-2023-35537
Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MedtronicCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
medtronicpaceart_optima
𝑥
< 1.12
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://global.medtronic.com/xg-en/product-security/security-bulletins/paceart-optima-system.html
https://global.medtronic.com/xg-en/product-security/security-bulletins/paceart-optima-system.html