CVE-2019-25723
Improper Input Handling in Dräger Perseus A500 Software
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dräger | perseus_a500 | From 2.00 (inc) to 2.02 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1286 | The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2019-25723 is a vulnerability in Dräger Perseus A500 software versions 2.00 through 2.02 caused by improper input validation. Remote attackers can send malformed, non-Medibus-compliant data through the Medibus interface, which overloads the device's internal processor.
This overload triggers a warm restart of the device, temporarily halting ventilation by dropping the pressure to ambient levels for several seconds before therapy resumes.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability allows denial of service by sending malformed, non-Medibus-compliant data through the Medibus interface, causing the device to restart and interrupt ventilation temporarily.
Immediate mitigation steps include restricting access to the Medibus interface to trusted sources only, implementing network-level filtering to block malformed or non-compliant Medibus data, and monitoring the device for unexpected restarts or ventilation interruptions.
Since no authentication or user interaction is required for exploitation, isolating the device from untrusted networks and applying any available software updates or patches from the vendor is recommended.
How can this vulnerability impact me?
The vulnerability can cause a denial of service on the Dräger Perseus A500 ventilator by forcing a warm restart through malformed input data.
During this restart, ventilation pressure drops to ambient levels, interrupting ventilation for several seconds, which could pose serious risks to patients relying on continuous respiratory support.