CVE-2024-14036
Denial of Service in Dräger Core and M540 Converter Service
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| dräger | core | 1.0.5 |
| dräger | m540_converter_service | 1.0.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9. It is a denial of service (DoS) vulnerability that allows attackers who are network-adjacent to cause high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process.
Attackers with access to the hospital network can send malformed SDC packets that exhaust CPU resources in the affected process, which results in the system being unable to process further SDC messages.
How can this vulnerability impact me? :
The impact of this vulnerability is a denial of service condition where the affected system experiences high CPU usage, potentially leading to degraded performance or unavailability of the Dräger Core or M540 Converter Service.
This means that critical medical device communication via SDC messages could be disrupted, which may affect hospital operations relying on these services.