CVE-2021-4479
Awaiting Analysis
Improper Input Handling in Dräger Atlan A350 Software

Publication date: 2026-06-02

Last updated on: 2026-06-10

Assigner: VulnCheck

Description
Dräger Atlan A350 versions 1.00 up to and including 1.01 contain an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload the internal processor, gradually disrupting device operation over several hours and causing loss of data transmission, delayed display of real-time curves, and deviation between displayed airway pressure values and screen curves.
Meta Information
Published: 2026-06-02
Last Modified: 2026-06-10
Generated: 2026-06-23
AI Q&A: 2026-06-02
EPSS Evaluated: 2026-06-21
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dräger atlan_a350 From 1.00 (inc) to 1.01 (inc)
CWE ID Description
CWE-1286 The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.
Executive Summary

The Dräger Atlan A350 medical device software versions 1.00 through 1.01 contain a vulnerability due to improper input handling. Attackers can exploit this by sending specially crafted malformed data that does not comply with the Medibus protocol through the Medibus interface.

This malformed data overloads the device's internal processor, causing a denial-of-service (DoS) condition that gradually disrupts the device's operation over several hours.

As a result, the device experiences loss of data transmission, delayed display of real-time curves, and discrepancies between the displayed airway pressure values and the screen curves.

Compliance Impact

The provided information does not specify how the CVE-2021-4479 vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

This vulnerability can impact users by causing a denial-of-service condition on the Dräger Atlan A350 device, leading to gradual operational disruption.

  • Loss of data transmission from the device.
  • Delayed display of real-time monitoring curves.
  • Deviation between the displayed airway pressure values and the screen curves.

These impacts can affect patient monitoring and care by providing delayed or incorrect information to healthcare providers.

Mitigation Strategies

To mitigate this vulnerability, ensure that devices running Dräger Atlan A350 software versions 1.00 through 1.01 are not exposed to untrusted networks where attackers can send malformed, non-Medibus-compliant data through the Medibus interface.

Restrict access to the Medibus interface to trusted personnel and systems only, and monitor for unusual or malformed data transmissions that could overload the device's internal processor.

Consider contacting the vendor for software updates or patches that address this improper input handling vulnerability.

Detection Guidance

This vulnerability involves sending specifically crafted non-Medibus-compliant data through the Medibus interface to the Dräger Atlan A350 device, causing a denial of service by overloading the internal processor.

Detection on your network or system would involve monitoring traffic to the Medibus interface for malformed or non-compliant Medibus protocol data packets that could be used to exploit this vulnerability.

However, no specific detection commands or tools are provided in the available information.
