CVE Vulnerability Details: CVE-2021-38392
PUBLISHED
Assigner: icscert
Assigner Org ID: 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
Published At: 04 Oct, 2021 | 17:35
Updated At: 17 Sep, 2024 | 03:33
▼CVE Numbering Authority (CNA)
Improper Access Control for Boston Scientific Zoom Latitude

A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program an implantable device in any region in the world.

Affected Products
Vendor: Boston Scientific
Product: ZOOM LATITUDE
Affected versions:
  • Model 3120
Problem Types
Type: CWE
CWE ID: CWE-284
Description: CWE-284 Improper Access Control
Metrics
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L

Workarounds

Boston Scientific is in the process of transitioning all users to a replacement programmer with enhanced security, the LATITUDE Programming System, Model 3300. Boston Scientific will not issue a product update to address the identified vulnerabilities in the ZOOM LATITUDE Programming System, Model 3120.

Credits

Endres Puschner - Max Planck Institute for Security and Privacy, Bochum, Christoph Saatjohann - FH Münster University of Applied Sciences, Christian Dresen - FH Münster University of Applied Sciences, and Markus Willing - University of Muenster, discovered these issues as part of broader academic research of cardiac devices and reported them to Boston Scientific.

References
https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01 (x_refsource_MISC)
▼Authorized Data Publishers (ADP)
CVE Program Container
References
https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01 (x_refsource_MISC, x_transferred)