CVE-2022-4992
Dräger Infinity M540 Network Message Handling DoS
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dräger | infinity_acute_care_system | * |
| dräger | standalone_infinity_m540 | From VG4.2 (exc) |
| dräger | infinity_m540 | From VG4.2 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-345 | The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. |
AI Powered Q&A
How can this vulnerability impact me?
Attackers could disrupt patient monitoring by changing alarm settings or limits, which could lead to missed or false alarms.
Additionally, network flooding can create denial-of-service conditions in which the affected devices reboot and lose network connectivity, potentially interrupting critical patient care monitoring.
Can you explain this vulnerability to me?
This vulnerability affects Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors in certain versions. It is a network message handling flaw that allows remote attackers to inject spoofed or tampered data into the system.
Attackers exploiting this vulnerability can modify device settings such as alarm states or alarm limits. They can also cause denial-of-service conditions by overwhelming the system with excessive network traffic, which may cause the devices to reboot and lose network functionality.