CVE-2017-14018 - Vulnerability Details - OpenCVE

An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ethicon	Endo-surgery Generator Gen11 Endo-surgery Generator Gen11 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:ethicon:endo-surgery_generator_gen11_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:ethicon:endo-surgery_generator_gen11:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/101978
https://ics-cert.us-cert.gov/advisories/ICSMA-17-332-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2017-12-05T23:00:00

Updated: 2024-08-05T19:13:41.676Z

Reserved: 2017-08-30T00:00:00

Link: CVE-2017-14018

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-12-05T23:29:00.217

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-14018

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Ethicon Endo-Surgery Generator G11", "vendor": "n/a", "versions": [{"status": "affected", "version": "Ethicon Endo-Surgery Generator G11"}]}], "datePublic": "2017-12-05T00:00:00", "descriptions": [{"lang": "en", "value": "An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-12-06T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "101978", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101978"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-332-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2017-14018", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Ethicon Endo-Surgery Generator G11", "version": {"version_data": [{"version_value": "Ethicon Endo-Surgery Generator G11"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287"}]}]}, "references": {"reference_data": [{"name": "101978", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101978"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-332-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-332-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:13:41.676Z"}, "title": "CVE Program Container", "references": [{"name": "101978", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101978"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-332-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-14018", "datePublished": "2017-12-05T23:00:00", "dateReserved": "2017-08-30T00:00:00", "dateUpdated": "2024-08-05T19:13:41.676Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ethicon:endo-surgery_generator_gen11_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "41BE40E0-3AE7-498C-BEE9-F9B8886A0FC4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ethicon:endo-surgery_generator_gen11:-:*:*:*:*:*:*:*", "matchCriteriaId": "F123F258-704F-47C6-9089-5BC358649C03", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability."}, {"lang": "es", "value": "Se ha descubierto un problema de autenticaci\u00f3n indebida en Johnson Ethicon Endo-Surgery Generator Gen11, en todas las versiones lanzadas antes del 29 de noviembre de 2017. El mecanismo de autenticaci\u00f3n de seguridad empleado en Ethicon Endo-Surgery Generator Gen11 y en productos de uso para un solo paciente puede omitirse, permitiendo que dispositivos sin autorizaci\u00f3n se conecten al generador. Esto puede resultar en una p\u00e9rdida de integridad o disponibilidad."}], "id": "CVE-2017-14018", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "version": "3.0"}, "exploitabilityScore": 0.5, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-05T23:29:00.217", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101978"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-332-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101978"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-332-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}