Home

Description

Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet. Attackers can repeatedly send malformed network packets to disrupt patient monitoring until the device falls back to default configuration and loses network connectivity.

PUBLISHED Reserved 2026-06-01 | Published 2026-06-01 | Updated 2026-06-03 | Assigner VulnCheck




HIGH: 7.1CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

MEDIUM: 6.5CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-15 External Control of System or Configuration Setting

Product status

Default status
unaffected

Infinity Delta (custom)
affected

Default status
unaffected

Infinity Delta XL (custom)
affected

Default status
unaffected

Infinity Kappa (custom)
affected

Credits

Marc Ruef and Rocco Gagliardi, scip AG finder

References

static.draeger.com/...ity-delta-vf10-1-security-advisory.pdf vendor-advisory

www.vulncheck.com/...onitor-dos-via-malformed-network-packet third-party-advisory

cve.org (CVE-2019-25716)

nvd.nist.gov (CVE-2019-25716)

Download JSON