MidnightBSD

Advisories for hamilton-medical

CVE-2020-27278 LOW

In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device’s configuration interface.

CVSS 3.x

Source        Score  Severity  Vector                                        Exploitability  Impact
nvd@nist.gov  5.2    MEDIUM    CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N  0.9             4.2

CVSS 2.0

Severity: LOW

Problem Type: CWE-798

Products Affected

Vendor            Product               Version
hamilton-medical  hamilton-t1_firmware  *

CVE-2020-27282 LOW

In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, an XML validation vulnerability in the ventilator allows privileged attackers with physical access to render the device persistently unusable by uploading specially crafted configuration files.

CVSS 3.x

Source        Score  Severity  Vector                                        Exploitability  Impact
nvd@nist.gov  4.3    MEDIUM    CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H  0.7             3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-112

Products Affected

Vendor            Product               Version
hamilton-medical  hamilton-t1_firmware  *

CVE-2020-27290 LOW

In Hamilton Medical AG, T1-Ventilator versions 2.2.3 and prior, an information disclosure vulnerability in the ventilator allows attackers with physical access to the configuration interface's logs to get valid checksums for tampered configuration files.

CVSS 3.x

Source        Score  Severity  Vector                                        Exploitability  Impact
nvd@nist.gov  4.3    MEDIUM    CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N  0.7             3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-200

Products Affected

Vendor            Product               Version
hamilton-medical  hamilton-t1_firmware  *