الثغرات ›

CVE-2019-25720

متوسط

CWE-1286 — نوع الضعف

                    نُشر: Jun 3, 2026                      ·  آخر تحديث: Jun 6, 2026                      ·  المصدر: NVD                

CVSS v3

6.5

🔗 NVD الرسمي

📄 الوصف (الإنجليزية)

Dräger SC Monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) contain a denial-of-service vulnerability in all software versions that allows unauthenticated attackers to reboot the monitor by sending a malformed network packet. Attackers can repeatedly send such malformed packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.

🤖 ملخص AI

CVE-2019-25720 is a denial-of-service vulnerability affecting Dräger SC monitoring devices that allows unauthenticated attackers to remotely reboot critical patient monitoring equipment via malformed network packets. With no available patch and no authentication required, this vulnerability poses a significant risk to healthcare facilities in Saudi Arabia that rely on these devices for continuous patient monitoring. The lack of exploit availability provides limited immediate threat, but the potential for service disruption in clinical settings demands urgent mitigation.

📄 الوصف (العربية)

🤖 التحليل الذكي آخر تحليل: Jun 4, 2026 10:16

🇸🇦 التأثير على المملكة العربية السعودية

Healthcare sector is most critically affected, particularly hospitals and medical centers using Dräger SC monitoring devices for intensive care units (ICUs), cardiac care, and operating rooms. Saudi Ministry of Health facilities, private hospital chains (like Dr. Sulaiman Al Habib, National Guard Health Affairs), and specialized cardiac centers are at risk. Repeated device reboots could lead to loss of patient monitoring data, delayed clinical responses to patient deterioration, and potential patient safety incidents. Secondary impact on medical device inventory management and compliance with healthcare regulations.

🏢 القطاعات السعودية المتأثرة

Healthcare Medical Device Manufacturing Hospital Networks Intensive Care Units Cardiac Care Centers Operating Room Management

🎯 تقنيات MITRE ATT&CK

T1499 - Endpoint Denial of Service T1561 - Disk Wipe T1529 - System Shutdown/Reboot T1190 - Exploit Public-Facing Application T1046 - Network Service Discovery

⚖️ درجة المخاطر السعودية (AI)

7.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Inventory all Dräger SC monitoring devices (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) in your healthcare facilities

2. Implement network segmentation to isolate patient monitoring devices on dedicated VLANs with restricted access

3. Deploy network access controls (NAC) to prevent unauthorized devices from connecting to monitoring networks

4. Enable logging and monitoring of all network traffic to/from affected devices



Compensating Controls:

5. Implement firewall rules to restrict network access to monitoring devices - allow only authorized clinical workstations and nursing stations

6. Disable unnecessary network services on monitoring devices if operationally feasible

7. Monitor device logs for unexpected reboot events and configure alerts

8. Establish manual backup monitoring procedures for critical patients during potential outages

9. Implement network-based intrusion detection signatures to identify malformed packets targeting these devices

10. Conduct regular device integrity checks and document baseline configurations



Detection Rules:

- Monitor for unexpected reboot events in device logs

- Alert on malformed or suspicious network packets destined to monitoring device ports

- Track device uptime anomalies and frequent restart patterns

- Monitor for unauthorized network access attempts to device management interfaces

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. قم بحصر جميع أجهزة مراقبة درايجر SC في منشآتك الصحية

2. تطبيق تقسيم الشبكة لعزل أجهزة المراقبة على شبكات افتراضية مخصصة

3. نشر عناصر التحكم في الوصول إلى الشبكة لمنع الأجهزة غير المصرح بها

4. تفعيل تسجيل ومراقبة جميع حركة المرور الشبكية



الضوابط البديلة:

5. تطبيق قواعد جدار الحماية لتقييد الوصول إلى أجهزة المراقبة

6. تعطيل الخدمات الشبكية غير الضرورية إن أمكن

7. مراقبة سجلات الجهاز للكشف عن أحداث إعادة التشغيل غير المتوقعة

8. وضع إجراءات مراقبة يدوية احتياطية للمرضى الحرجين

9. تطبيق توقيعات كشف التسلل لتحديد الحزم المعيبة

10. إجراء فحوصات منتظمة لسلامة الجهاز

📋 خريطة الامتثال التنظيمي

🟢 NCA ECC 2024

ECC 2024 A.8.1 - Asset Management and Inventory Control ECC 2024 A.8.2 - Network Segmentation and Access Control ECC 2024 A.8.3 - Monitoring and Logging ECC 2024 A.8.4 - Incident Response and Business Continuity

🔵 SAMA CSF

SAMA CSF ID.AM-1 - Physical Devices and Software Assets SAMA CSF PR.AC-3 - Access Control and Authentication SAMA CSF DE.CM-1 - Detection and Analysis SAMA CSF RS.MI-1 - Incident Response and Recovery

🟡 ISO 27001:2022

ISO 27001:2022 A.5.15 - Access Control ISO 27001:2022 A.8.1 - Asset Management ISO 27001:2022 A.8.22 - Monitoring ISO 27001:2022 A.8.23 - Network Segmentation

🔗 المراجع والمصادر 2

🔗

https://static.draeger.com/security/download/2019-11-27-Draeger-SC7000-SC9000-security-...

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/dr-ger-sc-monitoring-devices-dos-via-malformed-net...

disclosure@vulncheck.com

📊 CVSS Score

6.5

/ 10.0 — متوسط

📊 CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorA — Adjacent

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 حقائق سريعة

الخطورة متوسط

CVSS Score6.5

CWECWE-1286

EPSS0.02%

اختراق متاح لا

تصحيح متاح ✗ لا

تاريخ النشر 2026-06-03

المصدر nvd

المشاهدات 2

🇸🇦 درجة المخاطر السعودية

7.2

/ 10.0 — مخاطر السعودية

أولوية: HIGH

🏷️ الوسوم

CWE-1286

⚡ إجراءات

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2019-25720

عرّفنا بنفسك

تسجيل الدخول مطلوب