Medical device cyber security information for users

Consumers, health professionals, small business operators and large-scale service providers

6 April 2021

Appendix 1: Known vulnerabilities

The following list, which is not exhaustive, contains examples of known cyber security vulnerabilities for medical devices.

  1. Authentication bypass
  2. Buffer overflow
  3. Code injection
  4. Communication protocol vulnerability
  5. Credentials insufficiently protected
  6. Cross-site scripting
  7. Cryptographic issues
  8. Data authenticity insufficiently verified
  9. Debug service enabled by default
  10. Default password
  11. Exposed dangerous method or function
  12. Flash memory content insufficiently protected
  13. Hard-coded credentials
  14. Improper access control
  15. Improper authentication
  16. Improper authorisation
  17. Improper certificate validation
  18. Improper control of generation of code
  19. Improper exception handling
  20. Improper input validation
  21. Improper restriction of communication channel to intended endpoints
  22. Improper restriction of operations within the bounds of a memory buffer
  23. Power consumption: improper restriction
  24. Reference information exposure
  25. Leftover debug code
  26. Man-in-the-middle
  27. Meltdown, Spectre and Spoiler
  28. Missing confidentiality
  29. Numeric errors
  30. Out-of-bounds read
  31. Path traversal
  32. PC operating system vulnerabilities
  33. Protection mechanism failure
  34. Relative path traversal
  35. Resource consumption uncontrolled
  36. Resource management errors
  37. Search path element uncontrolled
  38. Session expiration insufficient
  39. Unquoted search path or element
  40. Untrusted input accepted
  41. Vulnerable third-party software
  42. Weak password hashing algorithm
  43. XML external entity: improper restriction
