CVE-2022-4992
Essential information
- Published
- 02/06/2026 22:16
- Modified
- 03/06/2026 20:16
- Author
- —
- Creator
- —
- CVSS
- 8.8 HIGH (v3) 8.8 HIGH (v4.0)
- CISA KEV
- No
- CWE
- —
- CVSS vector
-
—
—
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS metrics
- Access vector
- —
- Access complexity
- —
- Authentication
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Privileges required
- —
- User interaction
- —
- Scope
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- NETWORK
- Attack complexity
- LOW
- Attack requirements
- NONE
- Privileges required
- NONE
- User interaction
- NONE
- Confidentiality (V)
- LOW
- Confidentiality (S)
- NONE
- Integrity (V)
- LOW
- Integrity (S)
- NONE
- Availability (V)
- HIGH
- Availability (S)
- NONE
- Exploit maturity
- NOT_DEFINED
Description
Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected) contain a network message handling vulnerability that allows remote attackers to inject spoofed or tampered data and cause denial-of-service conditions. Attackers can compromise network communications to modify device settings such as alarm states or alarm limits, or overwhelm the system with excessive network traffic causing the Cockpit or M540 to reboot and lose network functionality.
NVD status
- Status
- Received — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| drager / infinity acute care system | cpe:2.3:a:drager:infinity_acute_care_system:VG4.1.1:*:*:*:*:*:*:* |
| drager / infinity acute care system | cpe:2.3:a:drager:infinity_acute_care_system:VG4.0.3:*:*:*:*:*:*:* |
| drager / infinity acute care system | cpe:2.3:a:drager:infinity_acute_care_system:<VG4.0.3:*:*:*:*:*:*:* |
| drager / standalone infinity m540 | cpe:2.3:a:drager:standalone_infinity_m540:VG4.1.1:*:*:*:*:*:*:* |
| drager / standalone infinity m540 | cpe:2.3:a:drager:standalone_infinity_m540:VG4.0.3:*:*:*:*:*:*:* |
| drager / standalone infinity m540 | cpe:2.3:a:drager:standalone_infinity_m540:<VG4.0.3:*:*:*:*:*:*:* |