CVE-2023-31222

Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://global.medtronic.com/xg-en/product-security/security-bulletins/paceart-optima-system.html	Mitigation Vendor Advisory
https://global.medtronic.com/xg-en/product-security/security-bulletins/paceart-optima-system.html	Mitigation Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:medtronic:paceart_optima:*:*:*:*:*:windows:*:*

History

No history.

Information

Published : 2023-06-29 16:15

Updated : 2024-11-21 08:01

NVD link : CVE-2023-31222

Mitre link : CVE-2023-31222

CVE.ORG link : CVE-2023-31222

JSON object : View

Products Affected

medtronic

paceart_optima

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2023-31222", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@medtronic.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2023-06-29T16:15:09.777", "references": [{"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/paceart-optima-system.html", "tags": ["Mitigation", "Vendor Advisory"], "source": "security@medtronic.com"}, {"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/paceart-optima-system.html", "tags": ["Mitigation", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@medtronic.com", "description": [{"lang": "en", "value": "CWE-502"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "Deserialization of untrusted data\u00a0in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a\u00a0healthcare delivery organization\u2019s Paceart Optima system\u00a0cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration\u00a0via network connectivity."}], "lastModified": "2024-11-21T08:01:39.230", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:medtronic:paceart_optima:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "A39B5C21-C4A0-4F23-93BF-A0E5AA01DA65", "versionEndExcluding": "1.12"}], "operator": "OR"}]}], "sourceIdentifier": "security@medtronic.com"}