CVE-2019-25719

Published: Jun 2, 2026

Modified: Jun 3, 2026

PUBLISHED

CVSS v3.1

8.6

HIGH

Description

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower contain network message handling vulnerabilities that allow network-adjacent attackers to spoof or tamper with data and cause denial-of-service conditions. Attackers with access to an enabled Infinity network port or physical proximity to a wireless access point can modify device settings such as alarm states or alarm limits, and overwhelm the system with incoming data causing the device to reboot and lose network functionality.

Vendor	Product	Versions
Dräger	Infinity Acute Care System	affected `0 - <= VG4.1.1` affected `0 - <= VG4.0.3` unaffected `VG4.2`
Dräger	Standalone Infinity M540 patient monitor	affected `0 - <= VG4.1.1` unaffected `VG4.2`

Weaknesses (CWE)

CWE-924

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

High

References

https://static.draeger.com/security/download/PSA-19-255-02_Product-Security-Advisory-IACS-VG4.1.pdf

vendor-advisory

https://www.vulncheck.com/advisories/dr-ger-infinity-m540-vg4-spoofing-and-dos-via-network-message-handling

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-25719

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References