Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
20 vulnerabilities by ZOLL
CVE-2025-12699 (GCVE-0-2025-12699)
Vulnerability from cvelistv5 – Published: 2026-02-10 20:38 – Updated: 2026-02-11 21:44
VLAI
Title
ZOLL ePCR IOS Mobile Application Insertion of Sensitive Information into Externally-Accessible File or Directory
Summary
The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return local file content, which would allow arbitrary local file reads from the app's runtime context. These local files contain device and user data within the ePCR medical application, and if exposed, would allow an attacker to access protected health information (PHI) or device telemetry.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ZOLL | ZOLL ePCR IOS Mobile Application |
Affected:
2.6.7
|
Date Public
2026-02-10 18:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T21:44:35.726699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T21:44:45.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ZOLL ePCR IOS Mobile Application",
"vendor": "ZOLL",
"versions": [
{
"status": "affected",
"version": "2.6.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bryan Riggins reported this vulnerability to ZOLL"
}
],
"datePublic": "2026-02-10T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return local file content, which would allow arbitrary local file reads from the app\u0027s runtime context. These local files contain device and user data within the ePCR medical application, and if exposed, would allow an attacker to access protected health information (PHI) or device telemetry.\u003c/span\u003e"
}
],
"value": "The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return local file content, which would allow arbitrary local file reads from the app\u0027s runtime context. These local files contain device and user data within the ePCR medical application, and if exposed, would allow an attacker to access protected health information (PHI) or device telemetry."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:38:37.838Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-041-01"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-041-01.json"
},
{
"url": "https://www.zolldata.com/contact-us."
}
],
"source": {
"advisory": "ICSMA-26-041-01",
"discovery": "EXTERNAL"
},
"title": "ZOLL ePCR IOS Mobile Application Insertion of Sensitive Information into Externally-Accessible File or Directory",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ZOLL ePCR IOS application was decommissioned in May 2025. ZOLL has no \ncurrent plans to provide a replacement application. If users have \nquestions or concerns, they are encouraged to reach out directly to ZOLL\n Support. \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.zolldata.com/contact-us\"\u003ehttps://www.zolldata.com/contact-us\u003c/a\u003e.\n\n\n\n\u003cbr\u003e"
}
],
"value": "ZOLL ePCR IOS application was decommissioned in May 2025. ZOLL has no \ncurrent plans to provide a replacement application. If users have \nquestions or concerns, they are encouraged to reach out directly to ZOLL\n Support. https://www.zolldata.com/contact-us ."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-12699",
"datePublished": "2026-02-10T20:38:37.838Z",
"dateReserved": "2025-11-04T15:39:58.840Z",
"dateUpdated": "2026-02-11T21:44:45.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-27483 (GCVE-0-2021-27483)
Vulnerability from cvelistv5 – Published: 2021-06-16 12:17 – Updated: 2024-08-03 21:26
VLAI
Summary
ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user.
Severity
No CVSS data available.
CWE
- CWE-269 - IMPROPER PRIVILEGE MANAGEMENT CWE-269
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZOLL Defibrillator Dashboard |
Affected:
All versions prior to 2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:08.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZOLL Defibrillator Dashboard",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "IMPROPER PRIVILEGE MANAGEMENT CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T12:17:09.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZOLL Defibrillator Dashboard",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27483",
"datePublished": "2021-06-16T12:17:09.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:08.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27485 (GCVE-0-2021-27485)
Vulnerability from cvelistv5 – Published: 2021-06-16 12:16 – Updated: 2024-08-03 21:26
VLAI
Summary
ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser.
Severity
No CVSS data available.
CWE
- CWE-257 - STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZOLL Defibrillator Dashboard |
Affected:
All versions prior to 2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:09.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZOLL Defibrillator Dashboard",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T12:16:47.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZOLL Defibrillator Dashboard",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27485",
"datePublished": "2021-06-16T12:16:47.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:09.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27479 (GCVE-0-2021-27479)
Vulnerability from cvelistv5 – Published: 2021-06-16 12:16 – Updated: 2024-08-03 20:48
VLAI
Summary
ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users.
Severity
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZOLL Defibrillator Dashboard |
Affected:
All versions prior to 2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZOLL Defibrillator Dashboard",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product\u2019s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T12:16:36.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZOLL Defibrillator Dashboard",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product\u2019s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27479",
"datePublished": "2021-06-16T12:16:36.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:48:17.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27487 (GCVE-0-2021-27487)
Vulnerability from cvelistv5 – Published: 2021-06-16 11:59 – Updated: 2024-08-03 21:26
VLAI
Summary
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information.
Severity
No CVSS data available.
CWE
- CWE-312 - CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZOLL Defibrillator Dashboard |
Affected:
All versions prior to 2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:08.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZOLL Defibrillator Dashboard",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T11:59:46.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZOLL Defibrillator Dashboard",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27487",
"datePublished": "2021-06-16T11:59:46.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:08.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27481 (GCVE-0-2021-27481)
Vulnerability from cvelistv5 – Published: 2021-06-16 11:59 – Updated: 2024-08-03 20:48
VLAI
Summary
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information.
Severity
No CVSS data available.
CWE
- CWE-321 - USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZOLL Defibrillator Dashboard |
Affected:
All versions prior to 2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZOLL Defibrillator Dashboard",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T11:59:39.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZOLL Defibrillator Dashboard",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27481",
"datePublished": "2021-06-16T11:59:39.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:48:17.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27489 (GCVE-0-2021-27489)
Vulnerability from cvelistv5 – Published: 2021-06-16 11:59 – Updated: 2024-08-03 21:26
VLAI
Summary
ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands.
Severity
No CVSS data available.
CWE
- CWE-434 - UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZOLL Defibrillator Dashboard |
Affected:
All versions prior to 2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:08.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZOLL Defibrillator Dashboard",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T11:59:33.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZOLL Defibrillator Dashboard",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27489",
"datePublished": "2021-06-16T11:59:33.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:08.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7395 (GCVE-0-2013-7395)
Vulnerability from cvelistv5 – Published: 2014-08-12 16:00 – Updated: 2024-09-16 16:52
VLAI
Summary
ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.zoll.com/WorkArea/DownloadAsset.aspx?i… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=25506"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-12T16:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=25506"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=25506",
"refsource": "CONFIRM",
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=25506"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7395",
"datePublished": "2014-08-12T16:00:00.000Z",
"dateReserved": "2014-08-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:52:44.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6756 (GCVE-0-2007-6756)
Vulnerability from cvelistv5 – Published: 2014-08-12 16:00 – Updated: 2024-08-07 16:18
VLAI
Summary
ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=2386 | x_refsource_CONFIRM |
| http://www.zoll.com/WorkArea/DownloadAsset.aspx?i… | x_refsource_CONFIRM |
| http://www.zoll.com/WorkArea/DownloadAsset.aspx?i… | x_refsource_CONFIRM |
Date Public
2007-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "zoll-defibrillator-cve20076756-dos(95718)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95718"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=2386"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=10018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=18473"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "zoll-defibrillator-cve20076756-dos(95718)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95718"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=2386"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=10018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=18473"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "zoll-defibrillator-cve20076756-dos(95718)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95718"
},
{
"name": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=2386",
"refsource": "CONFIRM",
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=2386"
},
{
"name": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=10018",
"refsource": "CONFIRM",
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=10018"
},
{
"name": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=18473",
"refsource": "CONFIRM",
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=18473"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6756",
"datePublished": "2014-08-12T16:00:00.000Z",
"dateReserved": "2014-08-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:18:20.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12699 (GCVE-0-2025-12699)
Vulnerability from nvd – Published: 2026-02-10 20:38 – Updated: 2026-02-11 21:44
VLAI
Title
ZOLL ePCR IOS Mobile Application Insertion of Sensitive Information into Externally-Accessible File or Directory
Summary
The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return local file content, which would allow arbitrary local file reads from the app's runtime context. These local files contain device and user data within the ePCR medical application, and if exposed, would allow an attacker to access protected health information (PHI) or device telemetry.
Severity
5.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ZOLL | ZOLL ePCR IOS Mobile Application |
Affected:
2.6.7
|
Date Public
2026-02-10 18:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T21:44:35.726699Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T21:44:45.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ZOLL ePCR IOS Mobile Application",
"vendor": "ZOLL",
"versions": [
{
"status": "affected",
"version": "2.6.7"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bryan Riggins reported this vulnerability to ZOLL"
}
],
"datePublic": "2026-02-10T18:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return local file content, which would allow arbitrary local file reads from the app\u0027s runtime context. These local files contain device and user data within the ePCR medical application, and if exposed, would allow an attacker to access protected health information (PHI) or device telemetry.\u003c/span\u003e"
}
],
"value": "The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return local file content, which would allow arbitrary local file reads from the app\u0027s runtime context. These local files contain device and user data within the ePCR medical application, and if exposed, would allow an attacker to access protected health information (PHI) or device telemetry."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T20:38:37.838Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-041-01"
},
{
"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-041-01.json"
},
{
"url": "https://www.zolldata.com/contact-us."
}
],
"source": {
"advisory": "ICSMA-26-041-01",
"discovery": "EXTERNAL"
},
"title": "ZOLL ePCR IOS Mobile Application Insertion of Sensitive Information into Externally-Accessible File or Directory",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ZOLL ePCR IOS application was decommissioned in May 2025. ZOLL has no \ncurrent plans to provide a replacement application. If users have \nquestions or concerns, they are encouraged to reach out directly to ZOLL\n Support. \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.zolldata.com/contact-us\"\u003ehttps://www.zolldata.com/contact-us\u003c/a\u003e.\n\n\n\n\u003cbr\u003e"
}
],
"value": "ZOLL ePCR IOS application was decommissioned in May 2025. ZOLL has no \ncurrent plans to provide a replacement application. If users have \nquestions or concerns, they are encouraged to reach out directly to ZOLL\n Support. https://www.zolldata.com/contact-us ."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2025-12699",
"datePublished": "2026-02-10T20:38:37.838Z",
"dateReserved": "2025-11-04T15:39:58.840Z",
"dateUpdated": "2026-02-11T21:44:45.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-27483 (GCVE-0-2021-27483)
Vulnerability from nvd – Published: 2021-06-16 12:17 – Updated: 2024-08-03 21:26
VLAI
Summary
ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user.
Severity
No CVSS data available.
CWE
- CWE-269 - IMPROPER PRIVILEGE MANAGEMENT CWE-269
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZOLL Defibrillator Dashboard |
Affected:
All versions prior to 2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:08.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZOLL Defibrillator Dashboard",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "IMPROPER PRIVILEGE MANAGEMENT CWE-269",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T12:17:09.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZOLL Defibrillator Dashboard",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27483",
"datePublished": "2021-06-16T12:17:09.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:08.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27485 (GCVE-0-2021-27485)
Vulnerability from nvd – Published: 2021-06-16 12:16 – Updated: 2024-08-03 21:26
VLAI
Summary
ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser.
Severity
No CVSS data available.
CWE
- CWE-257 - STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZOLL Defibrillator Dashboard |
Affected:
All versions prior to 2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:09.022Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZOLL Defibrillator Dashboard",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T12:16:47.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZOLL Defibrillator Dashboard",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The application allows users to store their passwords in a recoverable format, which could allow an attacker to retrieve the credentials from the web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STORING PASSWORDS IN A RECOVERABLE FORMAT CWE-257"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27485",
"datePublished": "2021-06-16T12:16:47.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:09.022Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27479 (GCVE-0-2021-27479)
Vulnerability from nvd – Published: 2021-06-16 12:16 – Updated: 2024-08-03 20:48
VLAI
Summary
ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users.
Severity
No CVSS data available.
CWE
- CWE-79 - IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZOLL Defibrillator Dashboard |
Affected:
All versions prior to 2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZOLL Defibrillator Dashboard",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product\u2019s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T12:16:36.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZOLL Defibrillator Dashboard",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product\u2019s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION (\u0027CROSS-SITE SCRIPTING\u0027) CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27479",
"datePublished": "2021-06-16T12:16:36.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:48:17.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27487 (GCVE-0-2021-27487)
Vulnerability from nvd – Published: 2021-06-16 11:59 – Updated: 2024-08-03 21:26
VLAI
Summary
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information.
Severity
No CVSS data available.
CWE
- CWE-312 - CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZOLL Defibrillator Dashboard |
Affected:
All versions prior to 2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:08.954Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZOLL Defibrillator Dashboard",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T11:59:46.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZOLL Defibrillator Dashboard",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products contain credentials stored in plaintext. This could allow an attacker to gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CLEARTEXT STORAGE OF SENSITIVE INFORMATION CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27487",
"datePublished": "2021-06-16T11:59:46.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:08.954Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27481 (GCVE-0-2021-27481)
Vulnerability from nvd – Published: 2021-06-16 11:59 – Updated: 2024-08-03 20:48
VLAI
Summary
ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information.
Severity
No CVSS data available.
CWE
- CWE-321 - USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZOLL Defibrillator Dashboard |
Affected:
All versions prior to 2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:48:17.256Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZOLL Defibrillator Dashboard",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T11:59:39.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZOLL Defibrillator Dashboard",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED CRYPTOGRAPHIC KEY CWE-321"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27481",
"datePublished": "2021-06-16T11:59:39.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T20:48:17.256Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-27489 (GCVE-0-2021-27489)
Vulnerability from nvd – Published: 2021-06-16 11:59 – Updated: 2024-08-03 21:26
VLAI
Summary
ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands.
Severity
No CVSS data available.
CWE
- CWE-434 - UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | ZOLL Defibrillator Dashboard |
Affected:
All versions prior to 2.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:26:08.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ZOLL Defibrillator Dashboard",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions prior to 2.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-16T11:59:33.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-27489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ZOLL Defibrillator Dashboard",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOLL Defibrillator Dashboard, v prior to 2.2, The web application allows a non-administrative user to upload a malicious file. This file could allow an attacker to remotely execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNRESTRICTED UPLOAD OF FILE WITH DANGEROUS TYPE CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-27489",
"datePublished": "2021-06-16T11:59:33.000Z",
"dateReserved": "2021-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-03T21:26:08.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7395 (GCVE-0-2013-7395)
Vulnerability from nvd – Published: 2014-08-12 16:00 – Updated: 2024-09-16 16:52
VLAI
Summary
ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://www.zoll.com/WorkArea/DownloadAsset.aspx?i… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=25506"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-08-12T16:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=25506"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=25506",
"refsource": "CONFIRM",
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=25506"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7395",
"datePublished": "2014-08-12T16:00:00.000Z",
"dateReserved": "2014-08-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:52:44.638Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6756 (GCVE-0-2007-6756)
Vulnerability from nvd – Published: 2014-08-12 16:00 – Updated: 2024-08-07 16:18
VLAI
Summary
ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=2386 | x_refsource_CONFIRM |
| http://www.zoll.com/WorkArea/DownloadAsset.aspx?i… | x_refsource_CONFIRM |
| http://www.zoll.com/WorkArea/DownloadAsset.aspx?i… | x_refsource_CONFIRM |
Date Public
2007-05-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "zoll-defibrillator-cve20076756-dos(95718)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95718"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=2386"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=10018"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=18473"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "zoll-defibrillator-cve20076756-dos(95718)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95718"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=2386"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=10018"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=18473"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "zoll-defibrillator-cve20076756-dos(95718)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95718"
},
{
"name": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=2386",
"refsource": "CONFIRM",
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=2386"
},
{
"name": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=10018",
"refsource": "CONFIRM",
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=10018"
},
{
"name": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=18473",
"refsource": "CONFIRM",
"url": "http://www.zoll.com/WorkArea/DownloadAsset.aspx?id=18473"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6756",
"datePublished": "2014-08-12T16:00:00.000Z",
"dateReserved": "2014-08-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:18:20.571Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201408-0001
Vulnerability from variot - Updated: 2023-12-18 13:19ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects). ZOLL Defibrillator/Monitor M Series, E Series and R Series are all M, E, R series defibrillator devices used by ZOLL in the United States for emergency medical services. There are security vulnerabilities in various ZOLL Defibrillator/Monitor products. Because the System Configuration mode uses the default password. An attacker could exploit this vulnerability to modify the device configuration and cause a denial of service. Monitor/defibrillator is prone to a denial-of-service vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0001",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "monitor\\/defibrillator",
"scope": "eq",
"trust": 1.6,
"vendor": "zoll",
"version": "e"
},
{
"model": "monitor\\/defibrillator",
"scope": "eq",
"trust": 1.6,
"vendor": "zoll",
"version": "r"
},
{
"model": "monitor\\/defibrillator",
"scope": "eq",
"trust": 1.6,
"vendor": "zoll",
"version": "m"
},
{
"model": "zoll defibrillator",
"scope": "eq",
"trust": 0.8,
"vendor": "zol medical",
"version": "e series"
},
{
"model": "zoll defibrillator",
"scope": "eq",
"trust": 0.8,
"vendor": "zol medical",
"version": "m series"
},
{
"model": "zoll defibrillator",
"scope": "eq",
"trust": 0.8,
"vendor": "zol medical",
"version": "r series"
},
{
"model": "defibrillator monitor r series",
"scope": "eq",
"trust": 0.6,
"vendor": "zoll",
"version": "/"
},
{
"model": "defibrillator monitor e series",
"scope": "eq",
"trust": 0.6,
"vendor": "zoll",
"version": "/"
},
{
"model": "defibrillator monitor m series",
"scope": "eq",
"trust": 0.6,
"vendor": "zoll",
"version": "/"
},
{
"model": "monitor%2fdefibrillator r",
"scope": null,
"trust": 0.3,
"vendor": "zoll",
"version": null
},
{
"model": "monitor%2fdefibrillator m",
"scope": null,
"trust": 0.3,
"vendor": "zoll",
"version": null
},
{
"model": "monitor%2fdefibrillator e",
"scope": null,
"trust": 0.3,
"vendor": "zoll",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05044"
},
{
"db": "BID",
"id": "81495"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006495"
},
{
"db": "NVD",
"id": "CVE-2007-6756"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-170"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zoll:monitor\\/defibrillator:e:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:zoll:monitor\\/defibrillator:r:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:zoll:monitor\\/defibrillator:m:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6756"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "81495"
}
],
"trust": 0.3
},
"cve": "CVE-2007-6756",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 4.9,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-6756",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2014-05044",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-6756",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-05044",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-170",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05044"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006495"
},
{
"db": "NVD",
"id": "CVE-2007-6756"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-170"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a default password for System Configuration mode, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects). ZOLL Defibrillator/Monitor M Series, E Series and R Series are all M, E, R series defibrillator devices used by ZOLL in the United States for emergency medical services. There are security vulnerabilities in various ZOLL Defibrillator/Monitor products. Because the System Configuration mode uses the default password. An attacker could exploit this vulnerability to modify the device configuration and cause a denial of service. Monitor/defibrillator is prone to a denial-of-service vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6756"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006495"
},
{
"db": "CNVD",
"id": "CNVD-2014-05044"
},
{
"db": "BID",
"id": "81495"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-6756",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006495",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-05044",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201408-170",
"trust": 0.6
},
{
"db": "BID",
"id": "81495",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05044"
},
{
"db": "BID",
"id": "81495"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006495"
},
{
"db": "NVD",
"id": "CVE-2007-6756"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-170"
}
]
},
"id": "VAR-201408-0001",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05044"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05044"
}
]
},
"last_update_date": "2023-12-18T13:19:57.103000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "M Series Configuration Guide",
"trust": 0.8,
"url": "http://www.zoll.com/workarea/downloadasset.aspx?id=2386"
},
{
"title": "E Series Configuration Guide",
"trust": 0.8,
"url": "http://www.zoll.com/workarea/downloadasset.aspx?id=10018"
},
{
"title": "R Series Configuration Guide",
"trust": 0.8,
"url": "http://www.zoll.com/workarea/downloadasset.aspx?id=18473"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-006495"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-006495"
},
{
"db": "NVD",
"id": "CVE-2007-6756"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.zoll.com/workarea/downloadasset.aspx?id=2386"
},
{
"trust": 1.9,
"url": "http://www.zoll.com/workarea/downloadasset.aspx?id=10018"
},
{
"trust": 1.9,
"url": "http://www.zoll.com/workarea/downloadasset.aspx?id=18473"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6756"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95718"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6756"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05044"
},
{
"db": "BID",
"id": "81495"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006495"
},
{
"db": "NVD",
"id": "CVE-2007-6756"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-170"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-05044"
},
{
"db": "BID",
"id": "81495"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-006495"
},
{
"db": "NVD",
"id": "CVE-2007-6756"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-170"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05044"
},
{
"date": "2014-08-12T00:00:00",
"db": "BID",
"id": "81495"
},
{
"date": "2014-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-006495"
},
{
"date": "2014-08-12T16:55:04.567000",
"db": "NVD",
"id": "CVE-2007-6756"
},
{
"date": "2014-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-170"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05044"
},
{
"date": "2014-08-12T00:00:00",
"db": "BID",
"id": "81495"
},
{
"date": "2014-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-006495"
},
{
"date": "2017-09-08T01:29:00.277000",
"db": "NVD",
"id": "CVE-2007-6756"
},
{
"date": "2014-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-170"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "81495"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-170"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZOLL Vulnerability to change device settings in multiple series of defibrillators",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-006495"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-170"
}
],
"trust": 0.6
}
}
VAR-201408-0037
Vulnerability from variot - Updated: 2023-12-18 13:03ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects). ( Adversely affect human health ) There are vulnerabilities that are put into a state.An attacker who can physically operate the terminal changes the device settings and disrupts service operation ( Adversely affect human health ) There is a possibility of being put into a state. ZOLL Defibrillator/Monitor X Series is an X-series monitor and defibrillator device for emergency medical services from ZOLL, USA. ZOLL Defibrillator/Monitor is prone to a local denial-of-service vulnerability. Attackers may leverage this issue to crash the affected device, denying service to legitimate users. Defibrillator/Monitor X series is vulnerable; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0037",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "monitor\\/defibrillator",
"scope": "eq",
"trust": 1.6,
"vendor": "zoll",
"version": "x"
},
{
"model": "zoll defibrillator",
"scope": "eq",
"trust": 0.8,
"vendor": "zol medical",
"version": "x series"
},
{
"model": "defibrillator monitor series",
"scope": "eq",
"trust": 0.6,
"vendor": "zoll",
"version": "/x"
},
{
"model": "monitor/defibrillator",
"scope": "eq",
"trust": 0.3,
"vendor": "zoll",
"version": "x"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05046"
},
{
"db": "BID",
"id": "69236"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006630"
},
{
"db": "NVD",
"id": "CVE-2013-7395"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-171"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zoll:monitor\\/defibrillator:x:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7395"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "69236"
}
],
"trust": 0.3
},
"cve": "CVE-2013-7395",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 4.9,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-7395",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 4.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CNVD-2014-05046",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-7395",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-05046",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-171",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05046"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006630"
},
{
"db": "NVD",
"id": "CVE-2013-7395"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-171"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of service (adverse human health effects). ( Adversely affect human health ) There are vulnerabilities that are put into a state.An attacker who can physically operate the terminal changes the device settings and disrupts service operation ( Adversely affect human health ) There is a possibility of being put into a state. ZOLL Defibrillator/Monitor X Series is an X-series monitor and defibrillator device for emergency medical services from ZOLL, USA. ZOLL Defibrillator/Monitor is prone to a local denial-of-service vulnerability. \nAttackers may leverage this issue to crash the affected device, denying service to legitimate users. \nDefibrillator/Monitor X series is vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7395"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006630"
},
{
"db": "CNVD",
"id": "CNVD-2014-05046"
},
{
"db": "BID",
"id": "69236"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7395",
"trust": 3.3
},
{
"db": "BID",
"id": "69236",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006630",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-05046",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201408-171",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05046"
},
{
"db": "BID",
"id": "69236"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006630"
},
{
"db": "NVD",
"id": "CVE-2013-7395"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-171"
}
]
},
"id": "VAR-201408-0037",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05046"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05046"
}
]
},
"last_update_date": "2023-12-18T13:03:31.842000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "X Series Configuration Manual",
"trust": 0.8,
"url": "http://www.zoll.com/workarea/downloadasset.aspx?id=25506"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006630"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006630"
},
{
"db": "NVD",
"id": "CVE-2013-7395"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.zoll.com/workarea/downloadasset.aspx?id=25506"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7395"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7395"
},
{
"trust": 0.3,
"url": "http://www.zoll.com/medical-products/defibrillators/x-series/"
},
{
"trust": 0.3,
"url": "http://www.zoll.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05046"
},
{
"db": "BID",
"id": "69236"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006630"
},
{
"db": "NVD",
"id": "CVE-2013-7395"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-171"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-05046"
},
{
"db": "BID",
"id": "69236"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006630"
},
{
"db": "NVD",
"id": "CVE-2013-7395"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-171"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05046"
},
{
"date": "2014-08-12T00:00:00",
"db": "BID",
"id": "69236"
},
{
"date": "2014-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006630"
},
{
"date": "2014-08-12T16:55:04.627000",
"db": "NVD",
"id": "CVE-2013-7395"
},
{
"date": "2014-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-171"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05046"
},
{
"date": "2014-08-12T00:00:00",
"db": "BID",
"id": "69236"
},
{
"date": "2014-08-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006630"
},
{
"date": "2014-08-14T03:40:12.343000",
"db": "NVD",
"id": "CVE-2013-7395"
},
{
"date": "2014-08-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-171"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "69236"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-171"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZOLL Defibrillator X Vulnerability to change device settings in the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006630"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-171"
}
],
"trust": 0.6
}
}