CVE-2022-4992
Awaiting Analysis Awaiting Analysis - Queue
Dräger Infinity M540 Network Message Handling DoS

Publication date: 2026-06-02

Last updated on: 2026-06-03

Assigner: VulnCheck

Description
Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling vulnerability that allows remote attackers to inject spoofed or tampered data and cause denial-of-service conditions. Attackers can compromise network communications to modify device settings such as alarm states or alarm limits, or overwhelm the system with excessive network traffic causing the Cockpit or M540 to reboot and lose network functionality.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-02
Last Modified
2026-06-03
Generated
2026-06-24
AI Q&A
2026-06-03
EPSS Evaluated
2026-06-22
NVD
CVE-2022-4992
EUVD
EUVD-2022-55996
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
dräger infinity_acute_care_system *
dräger standalone_infinity_m540 From VG4.2 (exc)
dräger infinity_m540 From VG4.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-345 The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The impact of this vulnerability includes the potential for attackers to disrupt patient monitoring by changing alarm settings or limits, which could lead to missed or false alarms.

Additionally, denial-of-service conditions caused by network flooding can cause the affected devices to reboot and lose network connectivity, potentially interrupting critical patient care monitoring.

Executive Summary

This vulnerability affects Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors in certain versions. It is a network message handling flaw that allows remote attackers to inject spoofed or tampered data into the system.

Attackers exploiting this vulnerability can modify device settings such as alarm states or alarm limits. They can also cause denial-of-service conditions by overwhelming the system with excessive network traffic, which may cause the devices to reboot and lose network functionality.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2022-4992. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart