By weakness (CWE)

CWE-1286: related vulnerabilities

CVEs classified under CWE-1286. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

5 published vulnerabilities

  • CVE-2025-8873HIGH 7.5

    A flaw in Arista EOS can be triggered by a specially crafted network packet when IPsec is enabled, causing the system to stop forwarding all IPsec-protected traffic. While the control plane may attempt to recover and restart IPsec processing, traffic flow may not resume afterward. Non-IPsec traffic and IPsec sessions not local to the affected device remain unaffected. An Arista customer first reported this issue.

  • CVE-2019-25720MEDIUM 6.5

    Dräger patient monitoring systems (SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL) are vulnerable to denial-of-service attacks from attackers on the same network segment. An unauthenticated attacker can send specially crafted network packets to force the monitor to reboot repeatedly, disrupting continuous patient monitoring. The device may then revert to default settings and lose network connectivity, compounding the disruption to clinical workflows.

  • CVE-2019-25723MEDIUM 4.0

    Dräger Perseus A500 ventilators running software versions 2.00 through 2.02 are vulnerable to a denial-of-service attack. An attacker on the network can send malformed data through the Medibus medical interface to crash the device's processor, forcing a warm restart. During this restart—which lasts several seconds—ventilation pressure drops to ambient level, temporarily interrupting therapy delivery before the device recovers. This is a network-accessible vulnerability with no authentication required, making it a genuine concern for clinical environments.

  • CVE-2021-4479MEDIUM 4.0

    Dräger Atlan A350 patient monitoring devices running firmware versions 1.00 through 1.01 are vulnerable to a denial-of-service attack delivered through the Medibus network interface. An attacker can send malformed data packets that the device fails to validate properly, causing the internal processor to become overloaded. Over several hours, this degradation manifests as loss of data transmission capability, delays in displaying vital sign curves, and discrepancies between measured airway pressure and displayed values—conditions that could compromise clinical decision-making in critical care settings.

  • CVE-2026-10099MEDIUM 4.0

    XX-Net V5.16.6 has a flaw in how it processes WebSocket communications that causes data corruption. When a client sends WebSocket frames without proper masking, the server incorrectly interprets the first 4 bytes of the message as a mask key (even when masking wasn't used), then mangles the rest of the data by applying the wrong decryption. This results in corrupted data being processed by the application. The vulnerability affects local attack scenarios and has medium severity.