{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T06:12:24.454","vulnerabilities":[{"cve":{"id":"CVE-2022-41627","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2022-10-27T21:15:15.573","lastModified":"2024-11-21T07:23:31.537","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"\nThe physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols. Exploiting this vulnerability could allow an attacker to read patient EKG results or create a denial-of-service condition by emitting sounds at similar frequencies as the device, disrupting the smartphone microphone’s ability to accurately read the data. To carry out this attack, the attacker must be close (less than 5 feet) to pick up and emit sound waves.\n\n"},{"lang":"es","value":"El dispositivo físico IoT de AliveCor's KardiaMobile, basado en un teléfono inteligente de electrocardiograma personal (EKG), no tiene cifrado para sus protocolos de datos sobre sonido. Explotar esta vulnerabilidad podría permitir a un atacante leer los resultados del EKG del paciente o crear una condición de Denegación de Servicio al emitir sonidos en frecuencias similares a las del dispositivo, interrumpiendo la capacidad del micrófono del teléfono inteligente para leer los datos con precisión. Para llevar a cabo este ataque, el atacante debe estar cerca (a menos de 5 pies) para captar y emitir ondas sonoras."}],"metrics":{"cvssMetricV31":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"PHYSICAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H","baseScore":7.6,"baseSeverity":"HIGH","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":4.7}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-311"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-319"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:alivecor:kardiamobile_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"6EADECC1-EF47-43B5-9213-CA92945DE4A8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:alivecor:kardiamobile:-:*:*:*:*:*:*:*","matchCriteriaId":"C5ED3887-643F-430C-B2A1-CCEDBE71F2B6"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:alivecor:kardiamobile_6l_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"37A5B811-EFDF-4497-9E4C-D2D663C5A15B"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:alivecor:kardiamobile_6l:-:*:*:*:*:*:*:*","matchCriteriaId":"EB03F4F8-687B-493D-BBEA-553831EBBA43"}]}]},{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:alivecor:kardiamobile_card_firmware:-:*:*:*:*:*:*:*","matchCriteriaId":"7FF05B50-32FB-4BCE-9C84-BDB46CDAC1D8"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:alivecor:kardiamobile_card:-:*:*:*:*:*:*:*","matchCriteriaId":"18DF9CF0-6D64-474C-A65C-5003893A5C79"}]}]}],"references":[{"url":"https://www.cisa.gov/uscert/ics/advisories/icsma-22-298-01","source":"ics-cert@hq.dhs.gov","tags":["Third Party Advisory","US Government Resource"]},{"url":"https://www.cisa.gov/uscert/ics/advisories/icsma-22-298-01","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"]}]}}]}