PT-2026-60166 · Icu Scandinavia · Boomerang
Marek Figielski
·
Published
2026-07-15
·
Updated
2026-07-15
·
CVE-2026-46459
CVSS v4.0
5.3
Medium
| Vector | AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
ICU Scandinavia Boomerang is vulnerable to a missing authentication flaw in its device receiver endpoints. This allows an unauthenticated remote attacker to read full facility configurations and write unauthorized data to the sensor database.
This issue has been fixed in version 2.4.18.029
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Boomerang