CVE-2021-28112

8.8 HIGH

📋 TL;DR

Draeger X-Dock stations running firmware before 03.00.13 ship with active debug code listening on a network port. An attacker who can reach that port and authenticate can use it to execute arbitrary code on the device. X-Dock is a bump-test and calibration station for Dräger portable gas detectors, so the assets at risk are the station itself, the detector fleet it services and the network segment it sits on; it is industrial safety equipment, not a clinical device, and holds no patient data.

💻 Affected Systems

Products:
  • Draeger X-Dock
Versions: All versions before 03.00.13
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: X-Dock is a calibration and bump-test station for Dräger portable gas detectors (industrial safety equipment), not a clinical device. In vulnerable firmware the debug port is active out of the box, so every unpatched unit is exposed regardless of how it is configured.

📦 What is this software?

Dräger X-dock is a docking station that runs automated bump tests and calibrations on Dräger portable gas detectors (X-am and Pac series) and records the results. Stations can be networked for central management, which is why a remotely reachable debug port on the unit matters.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Arbitrary code execution on the station gives an attacker full control of it: altering its configuration and the test and calibration records it holds (so that, in principle, a failing detector can be reported as passing), taking the station offline, and using it as a foothold to pivot into the rest of the network.

🟠

Likely Case

Unauthorized access to the station's configuration and stored test data, disruption of detector testing and calibration, and lateral movement from the station's network segment.

🟢

If Mitigated

Limited impact where the station sits on a segmented network and the debug port is unreachable from general-purpose hosts; the vulnerability itself remains in unpatched firmware, so segmentation is a stopgap, not a fix.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authentication but is otherwise straightforward: the debug code is present in shipped production firmware and reachable over the network, so no memory-corruption bug or race has to be won. Treat every host that can reach the port as a potential attacker. Debug interfaces of this kind should be stripped from production builds; a release check that fails the build when debug hooks are still linked in is the usual control.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 03.00.13

Vendor Advisory: https://static.draeger.com/security/download/PSA-21-120-1-X-Dock-Product-Security-Advisory.pdf

Restart Required: Yes

Instructions:

1. Download firmware version 03.00.13 (or later) from the Draeger support portal.
2. Apply it using Draeger's documented firmware update procedure for X-Dock devices.
3. Restart the device and confirm the reported firmware version is 03.00.13 or higher.
4. Test normal operation (detector docking, bump test, calibration) after the update.

🔧 Temporary Workarounds

Network Segmentation

Applies to: all affected versions

Isolate X-Dock devices on a dedicated VLAN with firewall rules that permit only the management hosts and services the stations actually need; block everything else, and block the debug port entirely.

Access Control Lists

Applies to: all affected versions

Add ACLs on the switch or router serving that VLAN so that only authorized management sources can reach the X-Dock devices, and only on the ports they legitimately use.

🧯 If You Can't Patch

  • Segment X-Dock devices onto an isolated network with no internet access
  • Restrict inbound traffic to the management hosts and ports the stations actually need, explicitly block the debug port, and alert on any attempt to reach it

🔍 How to Verify

Check if Vulnerable:

Check firmware version via device web interface or management console. Versions below 03.00.13 are vulnerable.

Check Version:

Check via device web interface or consult Draeger documentation for version checking procedures.

Verify Fix Applied:

Confirm firmware version shows 03.00.13 or higher in device management interface.
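The version check above is easy to get wrong with a plain string comparison ("03.00.9" sorts after "03.00.13" as text). The Python below is an added example, not code from this page or from Draeger: it parses dotted firmware versions numerically and triages an inventory against the fixed release. The hostnames and versions in the inventory are constructed sample data.

```python
import re
from typing import List, Tuple

FIXED_VERSION = "03.00.13"  # first fixed release named in the advisory

# Constructed sample inventory (hostname, firmware version as reported by the device).
INVENTORY = [
    ("xdock-lab-01", "03.00.12"),
    ("xdock-lab-02", "03.00.13"),
    ("xdock-site-a", "03.00.9"),   # numerically below 03.00.13, but above it as a string
    ("xdock-site-b", "v3.0.13"),   # same release, written without leading zeros
    ("xdock-site-c", "03.01.00"),
]


def parse_version(s: str) -> Tuple[int, ...]:
    """Turn '03.00.13', '3.0.13' or 'v3.0.13' into (3, 0, 13).

    int() drops the leading zeros, so spellings of the same release compare equal,
    and tuple comparison is per component rather than lexicographic on the text.
    """
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", s.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised firmware version: {s!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the reported firmware is older than the fixed release."""
    return parse_version(version) < parse_version(fixed)


def triage(inventory: List[Tuple[str, str]]) -> List[str]:
    """Hostnames that still need the update; unparseable entries are flagged for review."""
    needs_update = []
    for host, version in inventory:
        try:
            if is_vulnerable(version):
                needs_update.append(host)
        except ValueError:
            # An unparseable version is not proof of safety; surface it rather than skip it.
            needs_update.append(f"{host} (unparseable version {version!r}, check manually)")
    return needs_update


if __name__ == "__main__":
    for host in triage(INVENTORY):
        print("needs 03.00.13:", host)
```

Run it against the version strings your management console exports; anything the parser rejects is listed for manual review rather than silently treated as patched.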

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized access attempts to debug ports
  • Unexpected firmware modification logs
  • Authentication failures followed by successful debug port access

Network Indicators:

  • Traffic to debug ports from unauthorized sources
  • Unexpected outbound connections from X-Dock devices

SIEM Query:

dest_ip IN (X-Dock_IPs) AND dest_port = DEBUG_PORT AND NOT source_ip IN (AUTHORIZED_MGMT_IPs)

DEBUG_PORT and the IP lists are placeholders to fill in from the vendor advisory (or Draeger support) and your asset inventory. A second query, source_ip IN (X-Dock_IPs) AND NOT dest_ip IN (EXPECTED_DESTINATIONS), covers the unexpected-outbound indicator.
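The indicators above can be combined into one correlation rule. The Python below is an added example, not anything from this page or from Draeger: it runs over constructed connection records and authentication events, flags every connection to an X-Dock on the debug port (escalating when the same source had authentication failures against that dock in the preceding ten minutes), and flags any outbound connection from an X-Dock to a destination outside its expected set. The IP addresses, the ten-minute window and in particular the DEBUG_PORT value are placeholders assumed for the example; substitute the real port and your inventory.

```python
import csv
import io
from datetime import datetime, timedelta
from typing import Dict, List

# Assumptions for this example, not facts from the advisory: hypothetical X-Dock
# addresses, a management host, the destinations a station is expected to talk to,
# and a placeholder debug port (substitute the port number from the vendor advisory).
XDOCK_IPS = {"10.20.30.11", "10.20.30.12"}
AUTHORIZED_SRC = {"10.20.1.5"}                 # management host allowed to reach the docks
EXPECTED_DST = {"10.20.1.5", "10.20.1.20"}     # management host and NTP server
DEBUG_PORT = 12345                             # placeholder value, also used in the sample data
CORRELATION_WINDOW = timedelta(minutes=10)

# Constructed sample data: connection records and authentication events from the docks.
FLOWS_CSV = """ts,src,dst,dport
2024-03-01T09:00:00,10.20.1.5,10.20.30.11,443
2024-03-01T09:05:00,10.20.1.5,10.20.30.11,12345
2024-03-01T09:10:00,10.20.7.99,10.20.30.12,12345
2024-03-01T09:12:00,10.20.30.12,203.0.113.10,443
2024-03-01T09:13:00,10.20.30.11,10.20.1.20,123
"""
AUTH_CSV = """ts,host,event,src
2024-03-01T09:06:00,10.20.30.12,auth_fail,10.20.7.99
2024-03-01T09:06:30,10.20.30.12,auth_fail,10.20.7.99
2024-03-01T09:07:00,10.20.30.12,auth_ok,10.20.7.99
"""


def _rows(text: str) -> List[Dict[str, str]]:
    return list(csv.DictReader(io.StringIO(text)))


def detect(flows_csv: str = FLOWS_CSV, auth_csv: str = AUTH_CSV) -> List[Dict[str, str]]:
    """One alert per matched indicator, ordered by timestamp."""
    flows, auth = _rows(flows_csv), _rows(auth_csv)
    alerts: List[Dict[str, str]] = []
    for f in flows:
        src, dst, dport = f["src"], f["dst"], int(f["dport"])
        ts = datetime.fromisoformat(f["ts"])
        if dst in XDOCK_IPS and dport == DEBUG_PORT:
            # Nothing legitimate should touch the debug port, so every hit is an alert;
            # a source outside the management allowlist is the more serious case.
            rule = "debug_port_access"
            severity = "high" if src not in AUTHORIZED_SRC else "medium"
            # Indicator: authentication failures from the same source against the same
            # dock shortly before the debug-port connection.
            failures = [
                a for a in auth
                if a["host"] == dst and a["src"] == src and a["event"] == "auth_fail"
                and timedelta(0) <= ts - datetime.fromisoformat(a["ts"]) <= CORRELATION_WINDOW
            ]
            if failures:
                rule, severity = "auth_failures_then_debug_port_access", "critical"
            alerts.append({"ts": f["ts"], "rule": rule, "severity": severity, "src": src, "dst": dst})
        elif src in XDOCK_IPS and dst not in EXPECTED_DST:
            # Indicator: a dock initiating a connection somewhere it has no business going.
            alerts.append({"ts": f["ts"], "rule": "unexpected_outbound", "severity": "high",
                           "src": src, "dst": dst})
    return sorted(alerts, key=lambda a: a["ts"])


if __name__ == "__main__":
    for a in detect():
        print(f'{a["ts"]} {a["severity"]:<8} {a["rule"]:<38} {a["src"]} -> {a["dst"]}')
```

The sample data yields three alerts: the management host touching the debug port (medium, because the port should not be in use even by authorized hosts), an unlisted host hitting the debug port minutes after two failed logins against the same dock (critical), and a dock opening a connection to an external address (high). Feed it real flow and syslog exports by replacing the two CSV strings.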

🔗 References

  • Draeger Product Security Advisory PSA-21-120-1 (X-Dock): https://static.draeger.com/security/download/PSA-21-120-1-X-Dock-Product-Security-Advisory.pdf