CVE-2024-48970
Life2000 Ventilator microcontroller lacks memory protection
In short
A Life2000 ventilator's microcontroller has no memory protection, allowing someone with physical access to connect a debugging tool to its internal JTAG port and read or modify its memory, potentially disrupting the device or stealing sensitive data.
Technical detail
The microcontroller lacks memory protection mechanisms, enabling direct memory access via the exposed JTAG interface using standard debugging tools. An attacker with physical access can read/write flash memory, compromising device integrity and confidentiality. This may lead to unauthorized firmware modification or extraction of protected information.
Summary generated and translated by AI from the official description.
The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Baxter · Life2000 Ventilation System