
Description

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network can send malformed SDC packets to exhaust CPU resources in the affected process, causing further SDC messages to no longer be processed.

PUBLISHED Reserved 2026-06-02 | Published 2026-06-02 | Updated 2026-06-03 | Assigner VulnCheck




HIGH: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)

HIGH: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Problem types

CWE-400 Uncontrolled Resource Consumption

Product status

Default status: unknown
Any version: affected

Default status: unknown
Any version: affected

References

static.draeger.com/...-1-gSOAP-Product-Security-Advisory.pdf vendor-advisory

www.vulncheck.com/...al-of-service-via-malformed-sdc-message third-party-advisory

cve.org (CVE-2024-14036)

nvd.nist.gov (CVE-2024-14036)
