CVE-2021-38398 | HackTesting

The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities.

Credits

Endres Puschner - Max Planck Institute for Security and Privacy, Bochum, Christoph Saatjohann - FH Münster University of Applied Sciences, Christian Dresen - FH Münster University of Applied Sciences, and Markus Willing - University of Muenster, discovered these issues as part of broader academic research of cardiac devices and reported them to Boston Scientific.

References

https://us-cert.cisa.gov/ics/advisories/icsma-21-273-01