CVE-2024-14036
Awaiting Analysis Awaiting Analysis - Queue

Denial of Service in Dräger Core and M540 Converter Service

Vulnerability report for CVE-2024-14036, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-02

Last updated on: 2026-06-03

Assigner: VulnCheck

Description

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network can send malformed SDC packets to exhaust CPU resources in the affected process, causing further SDC messages to no longer be processed.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-02
Last Modified
2026-06-03
Generated
2026-07-14
AI Q&A
2026-06-03
EPSS Evaluated
2026-07-12
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
dräger core 1.0.5
dräger m540_converter_service 1.0.9

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9. It is a denial of service (DoS) vulnerability that allows attackers who are network-adjacent to cause high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process.

Attackers with access to the hospital network can send malformed SDC packets that exhaust CPU resources in the affected process, which results in the system being unable to process further SDC messages.

Impact Analysis

The impact of this vulnerability is a denial of service condition where the affected system experiences high CPU usage, potentially leading to degraded performance or unavailability of the Dräger Core or M540 Converter Service.

This means that critical medical device communication via SDC messages could be disrupted, which may affect hospital operations relying on these services.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-14036. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart