Dräger Perseus A500 Denial-of-Service Vulnerability via Medibus Interface

Vulnerability

A denial-of-service vulnerability has been identified in the Dräger Perseus A500 software, versions 2.00 through 2.02. It arises from improper input handling: an external attacker can disrupt service by sending, through the Medibus interface, specially crafted data that does not comply with Medibus standards. The malformed data can overload the device's internal processor, causing it to warm restart. This interruption drops the ventilation pressure to ambient levels, disrupting patient ventilation for several seconds before normal therapy resumes.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing a temporary interruption in ventilation therapy by dropping ventilation pressure to ambient levels for several seconds.

Added: Jun 2, 2026, 8:54 PM
Updated: Jun 2, 2026, 8:54 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.9
remediation: 0.0
relevance: 9.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.