CVE-2017-14012
Description
Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Boston Scientific ZOOM LATITUDE PRM Model 3120 fails to encrypt PHI at rest, exposing patient data to attackers with physical access.
Vulnerability
Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt Protected Health Information (PHI) stored on the device. All versions of the ZOOM LATITUDE PRM Model 3120 are affected [1]. This is a separate issue from the hard-coded cryptographic key vulnerability (CVE-2017-14014).
Exploitation
An attacker with physical access to the device can extract unencrypted PHI from the device's internal storage. The device is not designed to be network accessible, so only physical access is required [1].
Impact
Successful exploitation leads to unauthorized disclosure of patient health information (PHI), resulting in a confidentiality breach. There is no impact on integrity or availability [1].
Mitigation
As of the publication of ICSMA-17-292-01, no firmware patch has been released. Boston Scientific has provided compensating controls, such as restricting physical access to the devices and following recommended security practices [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: Model 3120
- Boston Scientific/ZOOM LATITUDE PRMv5Range: Model 3120
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/101510mitrevdb-entryx_refsource_BID
- ics-cert.us-cert.gov/advisories/ICSMA-17-292-01mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.