CVE-2020-27290

Name of the Vulnerable Software and Affected Versions: Hamilton Medical AG T1-Ventillator versions 2.2.3 and prior

Description: An information disclosure issue in the ventilator allows attackers with physical access to the configuration interface's logs to obtain valid checksums for tampered configuration files. This could potentially be exploited by attackers to manipulate configuration files without being detected.

Recommendations: For versions 2.2.3 and prior, as a temporary workaround, consider restricting physical access to the configuration interface's logs until a patch is available. Additionally, monitor the configuration files for any signs of tampering and verify their integrity regularly. At the moment, there is no information about a newer version that contains a fix for this vulnerability.