CVE-2019-25723
Awaiting Analysis Awaiting Analysis - Queue
Improper Input Handling in Dräger Perseus A500 Software

Publication date: 2026-06-02

Last updated on: 2026-06-03

Assigner: VulnCheck

Description
Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal processor with malformed data to trigger a warm restart, causing ventilation pressure to drop to ambient level and interrupting ventilation for several seconds before therapy resumes.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-02
Last Modified
2026-06-03
Generated
2026-06-23
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2019-25723
EUVD
EUVD-2019-20159
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dräger perseus_a500 From 2.00 (inc) to 2.02 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1286 The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The vulnerability can cause a denial of service on the Dräger Perseus A500 ventilator by forcing a warm restart through malformed input data.

During this restart, ventilation pressure drops to ambient levels, interrupting ventilation for several seconds, which could pose serious risks to patients relying on continuous respiratory support.

Executive Summary

CVE-2019-25723 is a vulnerability in Dräger Perseus A500 software versions 2.00 through 2.02 caused by improper input validation. Remote attackers can send malformed, non-Medibus-compliant data through the Medibus interface, which overloads the device's internal processor.

This overload triggers a warm restart of the device, temporarily halting ventilation by dropping the pressure to ambient levels for several seconds before therapy resumes.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

The vulnerability allows denial of service by sending malformed, non-Medibus-compliant data through the Medibus interface, causing the device to restart and interrupt ventilation temporarily.

Immediate mitigation steps include restricting access to the Medibus interface to trusted sources only, implementing network-level filtering to block malformed or non-compliant Medibus data, and monitoring the device for unexpected restarts or ventilation interruptions.

Since no authentication or user interaction is required for exploitation, isolating the device from untrusted networks and applying any available software updates or patches from the vendor is recommended.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2019-25723. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart