Technical
Advisory
Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.


Lack of Medical data encryption and integrity in Niscomed Multipara Patient Monitor
Vulnerability
Lack of User’s Medical data encryption and integrity
Vulnerability Description
An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory stores data in cleartext, without integrity protection against tampering. This data can be accessed using CVE-2020-15482/CVE-2020-15483 and tamper with the user’s medical data.
CVE-ID
CVE-2020-15484
Vendor
Nescomed
Product
M1000 Multipara Patient monitor
Disclosure Timeline
22 June 2020 reported to the vendor
22 July 2020 No response from the vendor and Public disclosure.
Credit
Arun Magesh