CVE-2017-5149

high

Description

An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints.

References

https://ics-cert.us-cert.gov/advisories/ICSMA-17-009-01A

Details

Source: Mitre, NVD

Published: 2017-02-13

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.9

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H

Severity: High