Dräger Infinity M300 Network-Based Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in Dräger Infinity M300 patient-worn monitors running software versions VG2.x and earlier. This vulnerability allows attackers with access to the hospital or Infinity Network to repeatedly cause the devices to reboot. After several reboots, the device enters a fail state that requires a manual restart. Exploitation of this vulnerability disrupts wireless network connectivity, temporarily halts patient monitoring, and interrupts alarm functionality, all of which must be manually restored.

Impact

Exploitation of this vulnerability leads to a network-based denial-of-service condition, causing the device to repeatedly reboot until it fails and requires manual intervention. This disruption results in a temporary loss of patient monitoring and alarm functionality, as well as wireless network connectivity, until the device is manually restarted.