Microchip Technology's Ventilator Microcontroller Vulnerable to Memory Protection Bypass
CVE-2024-48970

Currently unrated

Key Information:

Vendor

Microchip Technology

Vendor
CVE Published:
14 November 2024

What is CVE-2024-48970?

The ventilator's microcontroller lacks memory protection. An attacker could connect to the internal JTAG interface and read or write to flash memory using an off-the-shelf debugging tool, which could disrupt the function of the device and/or cause unauthorized information disclosure.

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

Timeline

  • Vulnerability published

.
CVE-2024-48970 : Microchip Technology's Ventilator Microcontroller Vulnerable to Memory Protection Bypass