CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-5149

An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication channel between the transmitter and St. Jude Medical's web site, Merlin.net, are not verified. This may allow a man-in-the-middle attacker to access or influence communications between the identified endpoints.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.4%

CVSS Severity

CVSS v3 Score 8.9

CVSS v2 Score 6.8

References

http://www.securityfocus.com/bid/95331
https://ics-cert.us-cert.gov/advisories/ICSMA-17-009-01A
http://www.securityfocus.com/bid/95331
https://ics-cert.us-cert.gov/advisories/ICSMA-17-009-01A

Products affected by CVE-2017-5149

Abbott » Merlin@home Ex1100 » Version: N/A

cpe:2.3:h:abbott:merlin@home_ex1100:-
Abbott » Merlin@home Ex1150 » Version: N/A

cpe:2.3:h:abbott:merlin@home_ex1150:-
Abbott » Merlin@home Firmware » Version: 8.0

cpe:2.3:o:abbott:merlin@home_firmware:8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-5149

Products

Pricing

Contact Us