Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-38396
PUBLISHED
More InfoOfficial Page
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
View Known Exploited Vulnerability (KEV) details
Published At-04 Oct, 2021 | 17:35
Updated At-16 Sep, 2024 | 20:46
Rejected At-
▼CVE Numbering Authority (CNA)
Missing Support Integrity Check for Boston Scientific Zoom Latitude

The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorized software using a specially crafted USB.

Affected Products
Vendor
Boston Scientific
Product
ZOOM LATITUDE
Versions
Affected
  • Model 3120
Problem Types
TypeCWE IDDescription
CWECWE-353CWE-353 Missing Support for Integrity Check
Type: CWE
CWE ID: CWE-353
Description: CWE-353 Missing Support for Integrity Check
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

Boston Scientific is in the process of transitioning all users to a replacement programmer with enhanced security, the LATITUDE Programming System, Model 3300. Boston Scientific will not issue a product update to address the identified vulnerabilities in the ZOOM LATITUDE Programming System, Model 3120.

Exploits
Credits
Endres Puschner - Max Planck Institute for Security and Privacy, Bochum, Christoph Saatjohann - FH Münster University of Applied Sciences, Christian Dresen - FH Münster University of Applied Sciences, and Markus Willing - University of Muenster, discovered these issues as part of broader academic research of cardiac devices and reported them to Boston Scientific.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01
x_refsource_MISC
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01
x_refsource_MISC
x_transferred
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01
Resource:
x_refsource_MISC
x_transferred
Details not found