CVE-2019-25716: Dräger Infinity Delta/Kappa Patient Monitor DoS via Malformed Network Packet
Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.
Security readout for executives and security teams
Plain-English summary
Certain Dräger Infinity Delta, Delta XL, and Kappa patient monitors can be forced to reboot by malformed network traffic. Repeated disruption could interrupt patient monitoring and eventually leave the device on default configuration without network connectivity. This is a patient-care availability risk, not a data-theft issue based on the provided sources.
Executive priority
Prioritize for biomedical engineering and clinical network teams. The main business risk is interruption of patient monitoring, which can affect care delivery and operational resilience. Treat as urgent where affected monitors are on shared, poorly segmented, or hard-to-monitor networks.
Technical view
CVE-2019-25716 is a high-severity denial-of-service issue in Dräger Infinity Delta, Delta XL, and Kappa patient monitors. An unauthenticated attacker with network access can send a malformed packet that triggers reboot. Repeated packets can disrupt monitoring until fallback to default configuration and loss of network connectivity. CVSS v4.0 score is 7.1; CWE listed is CWE-15.
Likely exposure
Exposure is most likely in hospitals or care environments where affected Dräger monitors are reachable on clinical networks. The provided sources do not indicate internet exposure. Risk depends on whether untrusted or compromised systems can reach patient monitor network segments.
Exploitation context
The CVE is not listed as KEV in the provided data, and no cited source states active exploitation. Exploitation requires network reachability to the monitor and does not require authentication or user interaction, according to the CVSS data and description.
Researcher notes
Evidence is limited to the CVE record, vendor advisory reference, and VulnCheck advisory. Version granularity is broad and should be confirmed with Dräger documentation. Do not assume exploitation in the wild from these sources. Focus validation on reachable affected devices, unexpected reboots, and network segmentation controls.
Mitigation direction
Identify any Dräger Infinity Delta, Delta XL, or Kappa monitors in clinical environments.
Review the Dräger advisory and confirm current vendor guidance for affected configurations.
Contact Dräger support for remediation, configuration, or service instructions applicable to deployed devices.
Restrict network access to patient monitors to only required trusted systems.
Monitor affected segments for unexpected device reboots or loss of monitor connectivity.
Validation and detection
Inventory deployed Dräger monitor models and software versions against the advisory.
Confirm patient monitors are not reachable from untrusted networks.
Review monitoring or biomedical engineering records for repeated unexplained reboots.
Validate that clinical workflows have downtime procedures for monitor network loss.
Track Dräger guidance and document remediation status for each affected device.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-15: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-15 · source CWE mapping
External Control of System or Configuration Setting
External Control of System or Configuration Setting represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.