Fourth Frontier Frontier X Mobile Application, Frontier X2

p a href="https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-148-01.json" strong View CSAF /strong /a /p h2 Summary /h2 p strong Successful exploitation of this vulnerability could allow an attacker to read and write arbitrary handle values and change clinical readings, which could result in taking control of the device and lead to patient harm. /strong /p p The following versions of Fourth Frontier Frontier X Mobile Application, Frontier X2 are affected: /p ul li Frontier X Android application vers lt;v15.0.0 /li li Frontier X IOS application vers lt;v25.0.0 /li li Frontier X2 vers:all/* /li /ul div class="csaf-table" table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap thead tr th role="columnheader" data-tablesaw-priority="persist" CVSS /th th role="columnheader" Vendor /th th role="columnheader" Equipment /th th role="columnheader" Vulnerabilities /th /tr /thead tbody tr td v3 8.8 /td td Fourth Frontier /td td Fourth Frontier Frontier X Mobile Application, Frontier X2 /td td Missing Authentication for Critical Function /td /tr /tbody /table /div h3 Background /h3 ul li strong Critical Infrastructure Sectors: /strong Healthcare and Public Health /li li strong Countries/Areas Deployed: /strong Worldwide /li li strong Company Headquarters Location: /strong United States /li /ul hr h2 Vulnerabilities /h2 div class="csaf-accordion" p a class="csaf-accordion-toggle-all" href="#" Expand All + /a /p div class="csaf-accordion-item" h3 a class="csaf-accordion-toggle" href="#" CVE-2026-5768 /a /h3 div class="csaf-accordion-content" p The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping activities, triggering vibrations, causing denial-of-service conditions, and fuzzing characteristic values to induce unexpected behavior. Additionally, the Frontier X mobile application lacks proper BLE device authentication, allowing attackers to impersonate a legitimate Frontier X2 device and connect to the application. By cloning BLE advertisements and exposing expected GATT characteristics, attackers can manipulate activity states and inject fabricated health telemetry such as breathing rate, heart rate, strain, and other health-related data into the mobile application. /p p a href="https://www.cve.org/CVERecord?id=CVE-2026-5768" View CVE Details /a /p hr h4 Affected Products /h4 h5 Fourth Frontier Frontier X Mobile Application, Frontier X2 /h5 div class="ics-vendor-version-status" div class="ics-vendor" strong Vendor: /strong br Fourth Frontier /div div class="ics-version" strong Product Version: /strong br Fourth Frontier Frontier X Android application: lt;v15.0.0, Fourth Frontier Frontier X IOS application: lt;v25.0.0, Fourth Frontier Frontier X2: vers:all/* /div div class="ics-sta