CVE-2019-25724
Denial of Service in Dräger Infinity M300 Patient Monitors
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dräger | infinity_m300 | to vg2.x (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to loss of wireless network connectivity on the affected devices.
It can cause temporary loss of patient monitoring and interruption of alarm functionality.
The device will remain in a fail state until it is manually restarted, potentially impacting patient safety and hospital operations.
Can you explain this vulnerability to me?
Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier have a network-based denial of service vulnerability.
Attackers who have access to the hospital or Infinity Network can repeatedly trigger device reboots, causing the device to eventually enter a fail state that requires manual restart.
This vulnerability is related to uncontrolled resource consumption, classified under CWE-400.
What immediate steps should I take to mitigate this vulnerability?
Dräger Infinity M300 patient worn monitors with software version VG2.x and earlier are vulnerable to a network-based denial of service attack that causes repeated device reboots leading to a fail state requiring manual restart.
To mitigate this vulnerability, restrict network access to the hospital or Infinity Network to trusted personnel only, thereby preventing unauthorized attackers from triggering the device reboots.
Monitor the devices for unexpected reboots and ensure manual recovery procedures are in place in case of device failure.