CVE-2019-25719
Awaiting Analysis Awaiting Analysis - Queue
Network Message Handling Flaws in Dräger Infinity Acute Care System

Publication date: 2026-06-02

Last updated on: 2026-06-03

Assigner: VulnCheck

Description
Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service conditions. Attackers with access to an enabled Infinity network port or physical proximity to a wireless access point can modify device settings such as alarm states or alarm limits, and overwhelm the system with incoming data causing the device to reboot and lose network functionality.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-02
Last Modified
2026-06-03
Generated
2026-06-22
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2019-25719
EUVD
EUVD-2019-20156
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
dräger infinity_acute_care_system *
dräger standalone_infinity_m540 to VG4.1.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-924 The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2019-25719 affects Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower.

The vulnerability involves improper enforcement of message integrity during transmission, which allows network-adjacent attackers to spoof or tamper with data and cause denial-of-service conditions.

Attackers with access to an enabled Infinity network port or physical proximity to a wireless access point can modify device settings such as alarm states or alarm limits, and overwhelm the system with incoming data, causing the device to reboot and lose network functionality.

Compliance Impact

The vulnerability in Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors allows attackers to spoof or tamper with data and cause denial-of-service conditions, including modifying alarm states or limits and causing device reboots.

Such unauthorized data tampering and denial of service could potentially impact compliance with standards and regulations like GDPR and HIPAA, which require the protection of patient data integrity, availability, and confidentiality in healthcare environments.

However, the provided information does not explicitly discuss the direct impact of this vulnerability on compliance with these or other common standards and regulations.

Impact Analysis

This vulnerability can allow attackers to spoof or tamper with critical patient monitor data, potentially leading to incorrect alarm states or alarm limits.

Attackers can also cause denial-of-service conditions by overwhelming the device with data, causing it to reboot and lose network functionality.

Such impacts could disrupt patient monitoring, delay medical responses, and compromise patient safety.

Mitigation Strategies

To mitigate this vulnerability, restrict access to enabled Infinity network ports and limit physical proximity to wireless access points connected to the affected devices.

Monitor network traffic to and from Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors to detect unusual or overwhelming incoming data that could cause denial-of-service conditions.

Consider isolating the affected devices on a secure network segment to prevent unauthorized network-adjacent attackers from tampering with device settings such as alarm states or alarm limits.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25719. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart