CVE-2023-31222

Deserialization of untrusted datain Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact ahealthcare delivery organizations Paceart Optima systemcardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetrationvia network connectivity.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
MedtronicCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
medtronicpaceart_optima
𝑥
< 1.12
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://global.medtronic.com/xg-en/product-security/security-bulletins/paceart-optima-system.html
https://global.medtronic.com/xg-en/product-security/security-bulletins/paceart-optima-system.html