CVE-2023-31222: Medtronic Paceart MSMQ Deserialization of Untrusted Data

9.8 CVSS

Description

Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity.

Classification

CVE ID: CVE-2023-31222

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

Affected Products

Vendor: Medtronic

Product: Paceart Optima

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.11% (probability of being exploited)

EPSS Percentile: 44.64% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://global.medtronic.com/xg-en/product-security/security-bulletins/paceart-optima-system.html

Timeline

2024-11-27 14:40:59 UTC
CVE

Medtronic Paceart MSMQ Deserialization of Untrusted Data