CVE-2021-4479

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-4479
Dräger Atlan A350 versions 1.00 up to and including 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload the internal processor, gradually disrupting device operation over several hours and causing loss of data transmission, delayed display of real-time curves, and deviation between displayed airway pressure values and screen curves.

4.0 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References
Link Resource
https://static.draeger.com/security/download/2021-05-04-PSA-21-124-1-Security-Advisory-Atlan.pdf
https://www.vulncheck.com/advisories/drager-atlan-a350-dos-via-medibus-interface
Configurations

No configuration.

History

10 Jun 2026, 17:16

Type Values Removed Values Added
References
  • {'url': 'https://www.vulncheck.com/advisories/dr-ger-atlan-a350-dos-via-medibus-interface', 'source': 'disclosure@vulncheck.com'}
  • () https://www.vulncheck.com/advisories/drager-atlan-a350-dos-via-medibus-interface -

10 Jun 2026, 16:16

Type Values Removed Values Added
Summary (en) Dräger Atlan A350 software versions 1.00 through 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload the internal processor, gradually disrupting device operation over several hours and causing loss of data transmission, delayed display of real-time curves, and deviation between displayed airway pressure values and screen curves. (en) Dräger Atlan A350 versions 1.00 up to and including 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload the internal processor, gradually disrupting device operation over several hours and causing loss of data transmission, delayed display of real-time curves, and deviation between displayed airway pressure values and screen curves.

03 Jun 2026, 19:16

Type Values Removed Values Added
References
  • {'url': 'https://static.draeger.com/security', 'source': 'disclosure@vulncheck.com'}
  • () https://static.draeger.com/security/download/2021-05-04-PSA-21-124-1-Security-Advisory-Atlan.pdf -

02 Jun 2026, 20:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-06-02 20:16

Updated : 2026-06-17 04:19

NVD link : CVE-2021-4479

Mitre link : CVE-2021-4479

CVE.ORG link : CVE-2021-4479

JSON object : View

Products Affected

No product.

CWE
CWE-1286

Improper Validation of Syntactic Correctness of Input