Vulnerabilities > Bostonscientific

DATE CVE VULNERABILITY TITLE RISK
2021-10-04 CVE-2021-38392 Unspecified vulnerability in Bostonscientific Zoom Latitude Pogrammer/Recorder/Monitor 3120 Firmware
A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program an implantable device in any region in the world.
low complexity
bostonscientific
7.6
2021-10-04 CVE-2021-38394 Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques vulnerability in Bostonscientific Zoom Latitude Pogrammer/Recorder/Monitor 3120 Firmware
An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key.
6.9
2021-10-04 CVE-2021-38396 Insufficient Verification of Data Authenticity vulnerability in Bostonscientific Zoom Latitude Pogrammer/Recorder/Monitor 3120 Firmware
The programmer installation utility does not perform a cryptographic authenticity or integrity checks of the software on the flash drive.
low complexity
bostonscientific CWE-345
6.8
2021-10-04 CVE-2021-38398 Unspecified vulnerability in Bostonscientific products
The affected device uses off-the-shelf software components that contain unpatched vulnerabilities.
local
low complexity
bostonscientific
4.6
2021-10-04 CVE-2021-38400 Use of Password Hash With Insufficient Computational Effort vulnerability in Bostonscientific Zoom Latitude Pogrammer/Recorder/Monitor 3120 Firmware
An attacker with physical access to Boston Scientific Zoom Latitude Model 3120 can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.
local
low complexity
bostonscientific CWE-916
4.6
2018-05-01 CVE-2017-14014 Use of Hard-coded Credentials vulnerability in Bostonscientific Zoom Latitude PRM 3120 Firmware
Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media.
local
low complexity
bostonscientific CWE-798
2.1
2018-05-01 CVE-2017-14012 Missing Encryption of Sensitive Data vulnerability in Bostonscientific Zoom Latitude PRM 3120 Firmware
Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest.
local
low complexity
bostonscientific CWE-311
2.1