CVE-2021-4479
Improper Input Handling in Dräger Atlan A350 Software
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dräger | atlan_a350 | From 1.00 (inc) to 1.01 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1286 | The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves sending specifically crafted non-Medibus-compliant data through the Medibus interface to the Dräger Atlan A350 device, causing a denial of service by overloading the internal processor.
Detection on your network or system would involve monitoring traffic to the Medibus interface for malformed or non-compliant Medibus protocol data packets that could be used to exploit this vulnerability.
However, no specific detection commands or tools are provided in the available information.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the CVE-2021-4479 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
The Dräger Atlan A350 medical device software versions 1.00 through 1.01 contain a vulnerability due to improper input handling. Attackers can exploit this by sending specially crafted malformed data that does not comply with the Medibus protocol through the Medibus interface.
This malformed data overloads the device's internal processor, causing a denial-of-service (DoS) condition that gradually disrupts the device's operation over several hours.
As a result, the device experiences loss of data transmission, delayed display of real-time curves, and discrepancies between the displayed airway pressure values and the screen curves.
How can this vulnerability impact me?
This vulnerability can cause a denial-of-service condition on the Dräger Atlan A350 device that gradually disrupts its operation over several hours. The observable effects are:
- Loss of data transmission from the device.
- Delayed display of real-time monitoring curves.
- Discrepancies between the displayed airway pressure values and the screen curves.
These impacts can affect patient monitoring and care by providing delayed or incorrect information to healthcare providers.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that devices running Dräger Atlan A350 software versions 1.00 through 1.01 are not exposed to untrusted networks where attackers can send malformed, non-Medibus-compliant data through the Medibus interface.
Restrict access to the Medibus interface to trusted personnel and systems only, and monitor for unusual or malformed data transmissions that could overload the device's internal processor.
Consider contacting the vendor for software updates or patches that address this improper input handling vulnerability.