Unencrypted Data Disclosure Vulnerability in BIOTRONIK CardioMessenger II

Unencrypted Data Disclosure Vulnerability in BIOTRONIK CardioMessenger II

CVE-2019-18254 · MEDIUM Severity

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.

Learn more about our Iot Penetration Testing.