Improper data protection on the ventilators serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.