CVE-2024-14036

HIGH 7.5

Dräger Core 1.0.5 Denial of Service via Malformed SDC Message

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

12th

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 contain a denial of service vulnerability that allows network-adjacent attackers to trigger high CPU load by sending specially crafted, unencrypted SDC messages during the discovery process. Attackers with access to the hospital network can send malformed SDC packets to exhaust CPU resources in the affected process, causing further SDC messages to no longer be processed.

CWE	CWE-400
Vendor	dräger
Product	core
Published	Jun 2, 2026
Last Updated	Jun 3, 2026

Stay Ahead of the Next One

Get instant alerts for dräger core

Be the first to know when new high vulnerabilities affecting dräger core are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

Dräger / Core

0 ≤ 1.0.5

Dräger / M540 Converter Service

0 ≤ 1.0.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

static.draeger.com: https://static.draeger.com/security/download/PSA-24-110-1-gSOAP-Product-Security-Advisory.pdf vulncheck.com: https://www.vulncheck.com/advisories/dr-ger-core-denial-of-service-via-malformed-sdc-message