CVE-2019-25716
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk33th percentile - higher than 33% of all known CVEs
Summary
A denial-of-service vulnerability in Dräger Infinity Delta, Delta XL, and Kappa patient monitors allows remote attackers to cause a device reboot by sending a malformed network packet. Repeated attacks can disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.
Risk Assessment
The risk involves interruption of continuous patient vital signs monitoring, potentially leading to delays in detecting life-threatening conditions and endangering patient safety.
Recommendation
Immediately update the monitor firmware to a patched version and restrict network access to these devices to trusted hosts only.
Original NVD description (English source)
Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.

