Dräger Medical Devices: 15 Vulnerabilities Disclosed in 24-Hour Window
Key findings • Fifteen vulnerabilities affecting Dräger medical devices were disclosed on June 1-2, 2026. • High-severity flaws include remote data injection, denial-of-service, and privileg…
Key findings
- Fifteen vulnerabilities affecting Dräger medical devices were disclosed on June 1-2, 2026.
- High-severity flaws include remote data injection, denial-of-service, and privilege escalation.
- Affected devices include anesthesia workstations, patient monitors, and monitoring systems.
- Vulnerabilities range from USB interface manipulation to network message handling flaws.
- Privilege escalation in Protector Software and Infinity Explorer C700 allows arbitrary code execution.
- DoS vulnerabilities impact multiple device lines via crafted network packets and message handling.
A significant batch of fifteen security vulnerabilities impacting a range of Dräger medical devices was disclosed on June 1st and 2nd, 2026. The vulnerabilities, spanning denial-of-service, privilege escalation, and data integrity issues, affect critical patient monitoring and anesthesia equipment, raising concerns about the security of healthcare infrastructure.
Several high-severity vulnerabilities were identified. CVE-2022-4992 and CVE-2019-25719, both rated at CVSSv3 8.6, affect the Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors. These flaws allow network-adjacent attackers to inject spoofed or tampered data and cause denial-of-service conditions by exploiting network message handling vulnerabilities. Similarly, CVE-2021-4478 (CVSSv3 8.2) impacts Dräger CC-Vision Basic and CC-Vision E-Cal software, allowing for application crashes or malicious code execution via crafted .gdt files due to an out-of-bounds write vulnerability.
Privilege escalation is another key theme within this batch. CVE-2021-4481 and CVE-2021-4480, both rated at CVSSv3 8.2, affect Dräger Protector Software prior to version 6.4.2. These vulnerabilities stem from insecure file system permissions, enabling local attackers to execute arbitrary code with elevated privileges by replacing system binaries or loaded modules. A critical privilege escalation vulnerability, CVE-2019-25718 (CVSSv3 8.4), affects the Dräger Infinity Explorer C700, allowing attackers to escape kiosk mode and gain control of the underlying operating system.
Denial-of-service (DoS) vulnerabilities are prevalent across multiple device types. CVE-2024-14036 (CVSSv3 7.5) affects Dräger Core and M540 Converter Service, allowing network-adjacent attackers to trigger high CPU load via specially crafted SDC messages. Dräger SC Monitoring devices are affected by CVE-2019-25722 (CVSSv3 7.6), which includes hard-coded plaintext credentials and a DoS vulnerability exploitable by local and remote attackers. Other DoS issues include CVE-2021-4479 (CVSSv3 4.0) and CVE-2019-25723 (CVSSv3 4.0) affecting Dräger Atlan A350 and Perseus A500 respectively, due to improper input handling via the Medibus interface. Additionally, CVE-2019-25716 (CVSSv3 6.5) allows remote attackers to reboot Dräger Infinity Delta, Delta XL, and Kappa monitors via malformed network packets.
Several vulnerabilities specifically target patient worn monitors and other network-connected devices. CVE-2025-15653 (CVSSv3 6.8) involves a local vulnerability on Dräger Zeus IE and Zeus RS C500 anesthesia workstations, allowing compromise of software integrity via USB manipulation. CVE-2019-25724 (CVSSv3 6.5) and CVE-2019-25721 (CVSSv3 6.5) affect Dräger Infinity M300 patient worn monitors, enabling network-based denial-of-service attacks that can lead to device reboots and fail states. CVE-2019-25717 (CVSSv3 4.3) presents an information disclosure vulnerability in Dräger Infinity Delta, Delta XL, and Kappa monitors, allowing unauthenticated network attackers to access sensitive log files.
The disclosure of these fifteen vulnerabilities within a 24-hour period highlights a critical need for healthcare organizations to review and update their Dräger medical equipment. The range of affected devices and vulnerability types underscores the complex security challenges in the medical device landscape. Users are advised to consult Dräger's official advisories for specific patching information and mitigation strategies.