Skip to main content

Dräger Zeus Anesthesia Workstation CVE-2025-15653

| EUVDEUVD-2025-210044 HIGH
Exposure of Resource to Wrong Sphere (CWE-668)
2026-06-02 VulnCheck GHSA-qw79-r33f-9pvj
7.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.0 HIGH
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

7
Patch available
Jun 02, 2026 - 23:01 EUVD
Analysis Updated
Jun 02, 2026 - 22:28 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 02, 2026 - 22:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 02, 2026 - 22:22 vuln.today
cvss_changed
Severity Changed
Jun 02, 2026 - 22:22 NVD
MEDIUM HIGH
CVSS changed
Jun 02, 2026 - 22:22 NVD
6.8 (MEDIUM) 7.0 (HIGH)
Analysis Generated
Jun 02, 2026 - 22:00 vuln.today

DescriptionCVE.org

Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to impair therapy functions, manipulate device-processed data, or leverage the device as a pivot point for broader network-based attacks when connected to a network or Dräger Service Connect.

AnalysisAI

Physical USB tampering against Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations allows an attacker with bedside access to compromise software integrity, alter therapy data, and pivot to connected networks or Dräger Service Connect. The flaw, disclosed by VulnCheck and tracked under CWE-668 (Exposure of Resource to Wrong Sphere), carries a CVSS 4.0 base score of 7.0 reflecting high impact across confidentiality, integrity, and availability of the device itself. There is no public exploit identified at time of analysis and no CISA KEV listing, but the medical-device context elevates patient-safety concern even at moderate technical severity.

Technical ContextAI

The Zeus IE and Zeus RS C500 are network-connected anesthesia delivery workstations used in operating theaters; the CPE strings cpe:2.3:a:dräger:zeus_ie and cpe:2.3:a:dräger:zeus_rs_c500 (all versions wildcarded) indicate the vulnerability spans the affected product lines without a known fixed build identifier in the public record. CWE-668 describes a resource - here the device's USB ports and the software/firmware surface they expose - being made accessible to an actor (anyone physically at the device) who should not be able to reach it. In practice the USB stack on these workstations lacks adequate authentication, signing, or input validation, so peripherals or storage devices can deliver code, configuration changes, or malformed data that the underlying anesthesia control software trusts.

RemediationAI

No vendor-released patch version is identified at time of analysis; healthcare providers should consult the Dräger security portal at https://www.draeger.com/security and the VulnCheck advisory at https://www.vulncheck.com/advisories/dr-ger-zeus-ie-anesthesia-workstation-usb-interface-privilege-escalation for any updated firmware or service bulletins, and contact Dräger Service Connect support to confirm the fix train. As compensating controls, physically restrict access to Zeus IE and Zeus RS C500 USB ports using port-blockers or tamper-evident seals during clinical use (trade-off: clinical engineering must remove them for legitimate service), enforce chaperoned access to operating rooms when devices are unattended, segment the workstations onto an isolated biomedical VLAN with egress filtering so a compromised device cannot pivot laterally (trade-off: may complicate Dräger Service Connect telemetry - coordinate firewall exceptions with the vendor), and require biomedical engineering to approve and scan any USB media before connection.

Share

CVE-2025-15653 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy