Missing XML Validation in T1 Ventilator - CVE-2020-27282

 


Published: February 17, 2021


Vulnerability identifier: #VU50739
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-27282
CWE-ID: CWE-112
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: T1 Ventilator
Software vendor: Hamilton Medical

Description

The vulnerability allows a local user to compromise the target system.

The vulnerability exists because the ventilator does not validate XML configuration files. An authenticated attacker with physical access can upload specially crafted configuration files and render the device persistently unusable.


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
