CVE-2019-25720: Dräger SC Monitoring Devices DoS via Malformed Network Packet
Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send such malformed packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.
Security readout for executives and security teams
Plain-English summary
Affected Dräger SC patient monitoring devices can be forced to reboot by an unauthenticated attacker on a reachable network. Repeated malformed packets may disrupt patient monitoring until devices fall back to default configuration and lose network connectivity. This is a patient-care availability risk, not a data theft issue based on the provided sources.
Executive priority
Treat as high priority for hospitals or care environments using these monitors. The business issue is patient monitoring availability and operational continuity, not confidentiality. Prioritize inventory, vendor engagement, and clinical risk review before making network changes.
Technical view
CVE-2019-25720 affects Dräger SC 6002XL, SC 6802XL, SC 7000, SC 8000, and SC 9000 XL devices, reportedly in all software versions. The issue is CWE-1286 and has CVSS v4.0 score 7.1, with adjacent-network attack vector, low complexity, no privileges, no user interaction, and high availability impact.
Likely exposure
Exposure is highest where affected monitors are reachable from clinical networks, shared hospital LANs, or compromised adjacent systems. The provided CVSS vector indicates adjacent-network access, not direct internet attack. Organizations using these legacy Dräger SC monitors should assume network-reachable units are potentially exposed until verified.
Exploitation context
CISA KEV status is false in the provided data. The sources do not state active exploitation in the wild. The described impact is denial of service through malformed network packets, and repeated traffic can prolong disruption to patient monitoring and network connectivity.
Researcher notes
The record describes a network-triggered unauthenticated denial of service with adjacent attack vector and high availability impact. Evidence in the bundle does not identify a patch, public exploitation, or internet-scale exposure. Product naming has minor inconsistencies in the source bundle; verify exact models against the Dräger advisory.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · low confidence lookup
CWE-1286: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-1286 · source CWE mapping
Improper Validation of Syntactic Correctness of Input
Improper Validation of Syntactic Correctness of Input represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.