Marie Moe

**Name of the Vulnerable Software and Affected Versions** BIOTRONIK CardioMessenger II (affected versions not specified) **Description** The affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: BIOTRONIK CardioMessenger II (affected versions not specified) Description: The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: BIOTRONIK CardioMessenger II (affected versions not specified) Description: The affected product allows credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: BIOTRONIK CardioMessenger II (affected versions not specified) Description: The issue concerns the storage of individual per-device credentials in a recoverable format. An attacker with physical access to the CardioMessenger can exploit these credentials for network authentication and to decrypt local data in transit. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.