CVE-2022-4992
Description
Dräger patient monitors are vulnerable to network message injection, allowing remote attackers to tamper with settings or cause denial-of-service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Dräger patient monitors are vulnerable to network message injection, allowing remote attackers to tamper with settings or cause denial-of-service.
Vulnerability
Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors, specifically versions VG4.1.1, VG4.0.3, and lower, with VG4.2 partially affected, contain a vulnerability in their network message handling. This flaw allows for the injection of spoofed or tampered data into network communications.
Exploitation
Remote attackers can exploit this vulnerability by compromising network communications. This allows them to inject spoofed or tampered data, potentially modifying device settings such as alarm states or alarm limits. Alternatively, attackers can overwhelm the system with excessive network traffic.
Impact
Successful exploitation can lead to denial-of-service conditions, causing the Cockpit or M540 to reboot and lose network functionality. Attackers can also modify critical device settings, impacting patient care and safety.
Mitigation
Not yet disclosed in the available references.
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected)
- Range: VG4.1.1, VG4.0.3, and lower (with VG4.2 partially affected)
Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2News mentions
0No linked articles in our index yet.