Search criteria
13 vulnerabilities found for 24950 MyCareLink Monitor by Medtronic
VAR-201807-1690
Vulnerability from variot - Updated: 2023-12-18 13:19Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system. 24950 MyCareLink Monitor and 24952 MyCareLink Monitor Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1690",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "24952 mycarelink monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "24952 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24950"
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24952"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "24950 mycarelink monitor",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "24952 mycarelink monitor",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:24950_mycarelink_monitor_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:24950_mycarelink_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:24952_mycarelink_monitor_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:24952_mycarelink_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8870"
}
]
},
"cve": "CVE-2018-8870",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-8870",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-12412",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-138902",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-8870",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8870",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-12412",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-181",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138902",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "VULHUB",
"id": "VHN-138902"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system. 24950 MyCareLink Monitor and 24952 MyCareLink Monitor Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-138902"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8870",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-179-01",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-12412",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F5EF32-39AB-11E9-B3DF-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-138902",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "VULHUB",
"id": "VHN-138902"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
]
},
"id": "VAR-201807-1690",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "VULHUB",
"id": "VHN-138902"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
}
]
},
"last_update_date": "2023-12-18T13:19:01.343000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MyCareLink Patient Monitor",
"trust": 0.8,
"url": "https://www.medtronic.com/uk-en/patients/treatments-therapies/fainting-heart-monitor/mycarelink-patient-monitor.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138902"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-179-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8870"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8870"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "VULHUB",
"id": "VHN-138902"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "VULHUB",
"id": "VHN-138902"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-02T00:00:00",
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"date": "2018-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"date": "2018-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-138902"
},
{
"date": "2018-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"date": "2018-07-03T01:29:01.940000",
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"date": "2018-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138902"
},
{
"date": "2018-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"date": "2019-10-09T23:42:59.847000",
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "24950 MyCareLink Monitor and 24952 MyCareLink Monitor Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
],
"trust": 0.6
}
}
VAR-201807-1689
Vulnerability from variot - Updated: 2023-12-18 13:19Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality. 24950 MyCareLink Monitor and 24952 MyCareLink Monitor Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MyCareLinkPatientMonitor is a patient monitor product developed by Medtronic. MedtronicMyCareLinkPatientMonitor exposes dangerous methods or functional vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1689",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "24952 mycarelink monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "24952 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24950"
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24952"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "24950 mycarelink monitor",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "24952 mycarelink monitor",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:24950_mycarelink_monitor_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:24950_mycarelink_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:24952_mycarelink_monitor_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:24952_mycarelink_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8868"
}
]
},
"cve": "CVE-2018-8868",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-8868",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-12411",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "e2f61640-39ab-11e9-a331-000c29342cb1",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-138900",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.4,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-8868",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8868",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-12411",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-182",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138900",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor\u0027s communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality. 24950 MyCareLink Monitor and 24952 MyCareLink Monitor Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MyCareLinkPatientMonitor is a patient monitor product developed by Medtronic. MedtronicMyCareLinkPatientMonitor exposes dangerous methods or functional vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-138900"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8868",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-179-01",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-12411",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F61640-39AB-11E9-A331-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-138900",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"id": "VAR-201807-1689",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
}
]
},
"last_update_date": "2023-12-18T13:19:01.310000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MyCareLink Patient Monitor",
"trust": 0.8,
"url": "https://www.medtronic.com/uk-en/patients/treatments-therapies/fainting-heart-monitor/mycarelink-patient-monitor.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-179-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8868"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8868"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-02T00:00:00",
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"date": "2018-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"date": "2018-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-138900"
},
{
"date": "2018-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"date": "2018-07-03T01:29:01.877000",
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"date": "2018-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138900"
},
{
"date": "2018-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"date": "2019-10-09T23:42:59.550000",
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "24950 MyCareLink Monitor and 24952 MyCareLink Monitor Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
],
"trust": 0.6
}
}
VAR-201903-1617
Vulnerability from variot - Updated: 2023-12-18 12:43The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data. plural Medtronic The product contains cryptographic vulnerabilities.Information may be obtained. MyCareLink Monitor and others are products developed by Medtronic. An access control error vulnerability exists in several Medtronic products that stems from the failure of the Conexus telemetry protocol to perform cryptographic operations that an attacker can use to intercept communications (including sensitive information transmitted). Medtronic Conexus Radio Frequency Telemetry Protocol is prone to multiple security vulnerabilities. An attacker can exploit this issue to gain access to sensitive information and bypass the security mechanism and gain unauthorized access. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1617",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "carelink monitor 2490c",
"scope": null,
"trust": 1.7,
"vendor": "medtronic",
"version": null
},
{
"model": "amplia crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "consulta crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto ii crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "compia crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "claria crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink monitor 24952",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "viva crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "consulta crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink monitor 2490c",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto ii crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "amplia crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "primo icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "claria crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "evera icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "nayamed nd icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "compia crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "mirro icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink 2090",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink monitor 24950",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso ii icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "visia af icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "secura icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "24952 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink 2090",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink programmer",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "2090"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24950"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24952"
},
{
"model": "primo icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta crt-d",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "secura icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso ii icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "visia af icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "viva crt-d",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "nayamed nd icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "mirro icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii crt-d",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "evera icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "viva crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "visia af icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "virtuoso ii icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "virtuoso icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "secura icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "protecta icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "protecta crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "primo icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "mirro icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "maximo ii crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "maximo icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "evera icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "consulta crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "concerto ii crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "concerto crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "compia crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "claria crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "carelink programmer",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "20900"
},
{
"model": "amplia crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "249520"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "249500"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mycarelink monitor 24950",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "consulta crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "evera icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "maximo ii crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "maximo ii icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mirro icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "nayamed nd icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "primo icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "protecta icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "protecta crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "secura icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mycarelink monitor 24952",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "virtuoso icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "virtuoso ii icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "visia af icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "viva crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "carelink monitor 2490c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "carelink 2090",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "amplia crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "claria crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "compia crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "concerto crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "concerto ii crt d",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:mycarelink_monitor_24950_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:mycarelink_monitor_24950:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:mycarelink_monitor_24952_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:mycarelink_monitor_24952:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:carelink_monitor_2490c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:carelink_monitor_2490c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:carelink_2090_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:carelink_2090:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:amplia_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:amplia_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:claria_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:claria_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:compia_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:compia_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:concerto_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:concerto_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:concerto_ii_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:concerto_ii_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:consulta_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:consulta_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:evera_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:evera_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:maximo_ii_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:maximo_ii_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:maximo_ii_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:maximo_ii_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:mirro_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:mirro_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:nayamed_nd_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:nayamed_nd_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:primo_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:primo_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:protecta_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:protecta_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:protecta_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:protecta_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:secura_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:secura_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:virtuoso_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:virtuoso_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:virtuoso_ii_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:virtuoso_ii_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:visia_af_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:visia_af_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:viva_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:viva_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6540"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "currently with University of Birmingham; Flavio D. Garcia; Tom Chothia of the University of Birmingham; and Rik Willems of University Hospital Gasthuisberg Leuven reported these vulnerabilities to NCCIC.,Peter Morgan of Clever Security; Dave Singel\u00e9e and Bart Preneel of KU Leuven; Eduard Marin formerly of KU Leuven, currently with University of Birmingham; Flavio D. Garcia; Tom Chothia of the University of Birmingham; and Rik Willems of University Hospital Gasthuisberg Leuven, currently with University of Birmingham; Flavio D. Garcia; Tom Chothia of the University of Birmingham; and Rik Willems of University Hospita,Peter Morgan of Clever Security; Dave Singel\u00c3\u00a9e and Bart Preneel of KU Leuven; Eduard Marin formerly of KU Leuven",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6540",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-6540",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-09066",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-157975",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6540",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6540",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-09066",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-831",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-157975",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "VULHUB",
"id": "VHN-157975"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data. plural Medtronic The product contains cryptographic vulnerabilities.Information may be obtained. MyCareLink Monitor and others are products developed by Medtronic. An access control error vulnerability exists in several Medtronic products that stems from the failure of the Conexus telemetry protocol to perform cryptographic operations that an attacker can use to intercept communications (including sensitive information transmitted). Medtronic Conexus Radio Frequency Telemetry Protocol is prone to multiple security vulnerabilities. \nAn attacker can exploit this issue to gain access to sensitive information and bypass the security mechanism and gain unauthorized access. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6540"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "VULHUB",
"id": "VHN-157975"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6540",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSMA-19-080-01",
"trust": 3.4
},
{
"db": "BID",
"id": "107544",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-831",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-09066",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0950.2",
"trust": 0.6
},
{
"db": "IVD",
"id": "1E9DAD07-7958-4810-AC1E-1CB019C0C368",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-157975",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "VULHUB",
"id": "VHN-157975"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
]
},
"id": "VAR-201903-1617",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "VULHUB",
"id": "VHN-157975"
}
],
"trust": 1.5959183690476189
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
}
]
},
"last_update_date": "2023-12-18T12:43:35.573000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.medtronic.com/us-en/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157975"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-19-080-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/107544"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6540"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6540"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.0950.2/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-19-080-01"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-080-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77634"
},
{
"trust": 0.3,
"url": "http://www.medtronic.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "VULHUB",
"id": "VHN-157975"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "VULHUB",
"id": "VHN-157975"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-04T00:00:00",
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"date": "2019-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"date": "2019-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-157975"
},
{
"date": "2019-03-21T00:00:00",
"db": "BID",
"id": "107544"
},
{
"date": "2019-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"date": "2019-03-26T18:29:01.060000",
"db": "NVD",
"id": "CVE-2019-6540"
},
{
"date": "2019-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"date": "2021-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-157975"
},
{
"date": "2019-03-21T00:00:00",
"db": "BID",
"id": "107544"
},
{
"date": "2019-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"date": "2021-11-03T18:57:30.320000",
"db": "NVD",
"id": "CVE-2019-6540"
},
{
"date": "2021-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Medtronic Cryptographic vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
],
"trust": 0.6
}
}
VAR-201808-0171
Vulnerability from variot - Updated: 2023-12-18 12:28A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest. Medtronic MyCareLink 24950 and 24952 Patient Monitor Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An information disclosure vulnerability exists in MedtronicMyCareLink24950PatientMonitor and 24952PatientMonitor (all versions) that the program uses to store credentials in a recoverable format that an attacker can use to authenticate and obtain sensitive information. An attacker can exploit these issues to bypass security restrictions and perform unauthorized actions or obtain sensitive information. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0171",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mycarelink 24952 patient monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink 24950 patient monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "24952 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24950"
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24952"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "249520"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "249500"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"db": "BID",
"id": "105042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"db": "NVD",
"id": "CVE-2018-10622"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:mycarelink_24952_patient_monitor_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:mycarelink_24952_patient_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:mycarelink_24950_patient_monitor_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:mycarelink_24950_patient_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10622"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios, Jesse Young, and Jonathan Butts of Whitescope",
"sources": [
{
"db": "BID",
"id": "105042"
}
],
"trust": 0.3
},
"cve": "CVE-2018-10622",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 1.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10622",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CNVD-2019-21129",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-120400",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10622",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10622",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-21129",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-289",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-120400",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"db": "VULHUB",
"id": "VHN-120400"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"db": "NVD",
"id": "CVE-2018-10622"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest. Medtronic MyCareLink 24950 and 24952 Patient Monitor Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An information disclosure vulnerability exists in MedtronicMyCareLink24950PatientMonitor and 24952PatientMonitor (all versions) that the program uses to store credentials in a recoverable format that an attacker can use to authenticate and obtain sensitive information. \nAn attacker can exploit these issues to bypass security restrictions and perform unauthorized actions or obtain sensitive information. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10622"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"db": "BID",
"id": "105042"
},
{
"db": "VULHUB",
"id": "VHN-120400"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10622",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSMA-18-219-01",
"trust": 3.4
},
{
"db": "BID",
"id": "105042",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-289",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-21129",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-120400",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"db": "VULHUB",
"id": "VHN-120400"
},
{
"db": "BID",
"id": "105042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"db": "NVD",
"id": "CVE-2018-10622"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
]
},
"id": "VAR-201808-0171",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"db": "VULHUB",
"id": "VHN-120400"
}
],
"trust": 1.53333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21129"
}
]
},
"last_update_date": "2023-12-18T12:28:47.050000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MyCareLink Patient Monitor",
"trust": 0.8,
"url": "http://www.medtronic.com/uk-en/patients/treatments-therapies/fainting-heart-monitor/mycarelink-patient-monitor.html"
},
{
"title": "Patch for MedtronicMyCareLink24950PatientMonitor and 24952PatientMonitor Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/167021"
},
{
"title": "Medtronic MyCareLink 24950 Patient Monitor and 24952 Patient Monitor Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83915"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120400"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"db": "NVD",
"id": "CVE-2018-10622"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-219-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105042"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10622"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10622"
},
{
"trust": 0.3,
"url": "http://www.medtronic.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"db": "VULHUB",
"id": "VHN-120400"
},
{
"db": "BID",
"id": "105042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"db": "NVD",
"id": "CVE-2018-10622"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"db": "VULHUB",
"id": "VHN-120400"
},
{
"db": "BID",
"id": "105042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"db": "NVD",
"id": "CVE-2018-10622"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"date": "2018-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-120400"
},
{
"date": "2018-08-07T00:00:00",
"db": "BID",
"id": "105042"
},
{
"date": "2018-11-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"date": "2018-08-10T18:29:00.230000",
"db": "NVD",
"id": "CVE-2018-10622"
},
{
"date": "2018-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-120400"
},
{
"date": "2018-08-07T00:00:00",
"db": "BID",
"id": "105042"
},
{
"date": "2018-11-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"date": "2019-10-09T23:32:56.477000",
"db": "NVD",
"id": "CVE-2018-10622"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic MyCareLink 24950 and 24952 Patient Monitor Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
],
"trust": 0.6
}
}
VAR-201808-0173
Vulnerability from variot - Updated: 2023-12-18 12:28A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product's update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network. Medtronic MyCareLink 24950 and 24952 Patient Monitor Contains vulnerabilities related to insufficient validation of data reliability.Information may be obtained and information may be altered. An attacker can exploit these issues to bypass security restrictions and perform unauthorized actions or obtain sensitive information. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0173",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mycarelink 24952 patient monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink 24950 patient monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "24952 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "249520"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "249500"
}
],
"sources": [
{
"db": "BID",
"id": "105042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008971"
},
{
"db": "NVD",
"id": "CVE-2018-10626"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-288"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:mycarelink_24952_patient_monitor_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:mycarelink_24952_patient_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:mycarelink_24950_patient_monitor_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:mycarelink_24950_patient_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10626"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios, Jesse Young, and Jonathan Butts of Whitescope",
"sources": [
{
"db": "BID",
"id": "105042"
}
],
"trust": 0.3
},
"cve": "CVE-2018-10626",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10626",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"id": "VHN-120404",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-10626",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10626",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-288",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-120404",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120404"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008971"
},
{
"db": "NVD",
"id": "CVE-2018-10626"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-288"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product\u0027s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network. Medtronic MyCareLink 24950 and 24952 Patient Monitor Contains vulnerabilities related to insufficient validation of data reliability.Information may be obtained and information may be altered. \nAn attacker can exploit these issues to bypass security restrictions and perform unauthorized actions or obtain sensitive information. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10626"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008971"
},
{
"db": "BID",
"id": "105042"
},
{
"db": "VULHUB",
"id": "VHN-120404"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSMA-18-219-01",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2018-10626",
"trust": 2.8
},
{
"db": "BID",
"id": "105042",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008971",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-288",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-120404",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120404"
},
{
"db": "BID",
"id": "105042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008971"
},
{
"db": "NVD",
"id": "CVE-2018-10626"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-288"
}
]
},
"id": "VAR-201808-0173",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-120404"
}
],
"trust": 0.7666666999999999
},
"last_update_date": "2023-12-18T12:28:47.022000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MyCareLink Patient Monitor",
"trust": 0.8,
"url": "http://www.medtronic.com/uk-en/patients/treatments-therapies/fainting-heart-monitor/mycarelink-patient-monitor.html"
},
{
"title": "Medtronic MyCareLink 24950 Patient Monitor and 24952 Patient Monitor Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83914"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008971"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-288"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-345",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120404"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008971"
},
{
"db": "NVD",
"id": "CVE-2018-10626"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-219-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105042"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10626"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10626"
},
{
"trust": 0.3,
"url": "http://www.medtronic.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120404"
},
{
"db": "BID",
"id": "105042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008971"
},
{
"db": "NVD",
"id": "CVE-2018-10626"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-288"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-120404"
},
{
"db": "BID",
"id": "105042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008971"
},
{
"db": "NVD",
"id": "CVE-2018-10626"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-288"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-120404"
},
{
"date": "2018-08-07T00:00:00",
"db": "BID",
"id": "105042"
},
{
"date": "2018-11-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008971"
},
{
"date": "2018-08-10T18:29:00.353000",
"db": "NVD",
"id": "CVE-2018-10626"
},
{
"date": "2018-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-288"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-120404"
},
{
"date": "2018-08-07T00:00:00",
"db": "BID",
"id": "105042"
},
{
"date": "2018-11-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008971"
},
{
"date": "2019-10-09T23:32:56.883000",
"db": "NVD",
"id": "CVE-2018-10626"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-288"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-288"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic MyCareLink 24950 and 24952 Patient Monitor Vulnerabilities related to insufficient validation of data reliability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008971"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "data forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-288"
}
],
"trust": 0.6
}
}
CVE-2018-10626 (GCVE-0-2018-10626)
Vulnerability from cvelistv5 – Published: 2018-08-10 18:00 – Updated: 2025-05-22 16:13
VLAI?
Title
Medtronic MyCareLink 24950 Patient Monitor Insufficient Verification of Data Authenticity
Summary
Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network.
Severity ?
4.4 (Medium)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Medtronic | 24950 MyCareLink Monitor |
Affected:
All versions
|
|||||||
|
|||||||||
Credits
Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:45.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105042",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105042"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "24950 MyCareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "24952 MyCareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities"
}
],
"datePublic": "2018-08-07T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMedtronic MyCareLink Patient Monitor\u2019s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network.\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "Medtronic MyCareLink Patient Monitor\u2019s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T16:13:52.072Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "105042",
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-8-7-18.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01"
},
{
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/105042"
}
],
"source": {
"advisory": "ICSMA-18-219-01",
"discovery": "EXTERNAL"
},
"title": "Medtronic MyCareLink 24950 Patient Monitor Insufficient Verification of Data Authenticity",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMedtronic has made server-side updates to address the insufficient verification vulnerability identified in this advisory. Medtronic is implementing additional server-side mitigations to enhance data integrity and authenticity.\u003c/p\u003e\u003cp\u003eMedtronic recommends users take additional defensive measures to minimize the risk of exploitation. Specifically, users should:\u003c/p\u003e\u003cul\u003e\u003cli\u003eMaintain good physical control over the home monitor.\u003c/li\u003e\u003cli\u003eOnly use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eMedtronic has released additional patient focused information, at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003ehttps://www.medtronic.com/security\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Medtronic has made server-side updates to address the insufficient verification vulnerability identified in this advisory. Medtronic is implementing additional server-side mitigations to enhance data integrity and authenticity.\n\nMedtronic recommends users take additional defensive measures to minimize the risk of exploitation. Specifically, users should:\n\n * Maintain good physical control over the home monitor.\n * Only use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system.\n\n\nMedtronic has released additional patient focused information, at the following location:\n\n https://www.medtronic.com/security"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-07T00:00:00",
"ID": "CVE-2018-10626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Medtronic MyCareLink 24950, 24952 Patient Monitor",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product\u0027s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY CWE-345"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105042"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10626",
"datePublished": "2018-08-10T18:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2025-05-22T16:13:52.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10622 (GCVE-0-2018-10622)
Vulnerability from cvelistv5 – Published: 2018-08-10 18:00 – Updated: 2025-05-22 16:12
VLAI?
Title
Medtronic MyCareLink 24950 Patient Monitor Storing Passwords in a Recoverable Format
Summary
Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest.
Severity ?
4.9 (Medium)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Medtronic | 24950 MyCareLink Monitor |
Affected:
All versions
|
|||||||
|
|||||||||
Credits
Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105042",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105042"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "24950 MyCareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "24952 MyCareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities"
}
],
"datePublic": "2018-08-07T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMedtronic MyCareLink Patient Monitor \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003euses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T16:12:44.522Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "105042",
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-8-7-18.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01"
},
{
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/105042"
}
],
"source": {
"advisory": "ICSMA-18-219-01",
"discovery": "EXTERNAL"
},
"title": "Medtronic MyCareLink 24950 Patient Monitor Storing Passwords in a Recoverable Format",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMedtronic has made server-side updates to address the insufficient verification vulnerability identified in this advisory. Medtronic is implementing additional server-side mitigations to enhance data integrity and authenticity.\u003c/p\u003e\u003cp\u003eMedtronic recommends users take additional defensive measures to minimize the risk of exploitation. Specifically, users should:\u003c/p\u003e\u003cul\u003e\u003cli\u003eMaintain good physical control over the home monitor.\u003c/li\u003e\u003cli\u003eOnly use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eMedtronic has released additional patient focused information, at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003ehttps://www.medtronic.com/security\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Medtronic has made server-side updates to address the insufficient verification vulnerability identified in this advisory. Medtronic is implementing additional server-side mitigations to enhance data integrity and authenticity.\n\nMedtronic recommends users take additional defensive measures to minimize the risk of exploitation. Specifically, users should:\n\n * Maintain good physical control over the home monitor.\n * Only use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system.\n\n\nMedtronic has released additional patient focused information, at the following location:\n\n https://www.medtronic.com/security"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-07T00:00:00",
"ID": "CVE-2018-10626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Medtronic MyCareLink 24950, 24952 Patient Monitor",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product\u0027s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY CWE-345"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105042"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10622",
"datePublished": "2018-08-10T18:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2025-05-22T16:12:44.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8870 (GCVE-0-2018-8870)
Vulnerability from cvelistv5 – Published: 2018-07-02 18:00 – Updated: 2025-05-22 18:10
VLAI?
Title
Medtronic MyCareLink Patient Monitor Use of Hard-coded Password
Summary
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.
Severity ?
6.4 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Medtronic | 24950 MyCareLink Monitor |
Affected:
All versions
|
|||||||
|
|||||||||
Credits
Peter Morgan of Clever Security reported this vulnerability
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "24950 MyCareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "24952 MyCareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Morgan of Clever Security reported this vulnerability"
}
],
"datePublic": "2018-06-29T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMedtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.\u003c/p\u003e"
}
],
"value": "Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:10:03.426Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-6-28-18.html"
},
{
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMedtronic will release several rolling over-the-air product updates that will mitigate the vulnerabilities described within this advisory. These updates will be applied to devices automatically as part of standard, reoccurring update processes. In addition, Medtronic has increased security monitoring of affected devices and related infrastructure. \u003c/span\u003e\n\n\u003c/div\u003e\n\n\u003cp\u003eMedtronic has released additional patient focused information, at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003ehttps://www.medtronic.com/security\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Medtronic will release several rolling over-the-air product updates that will mitigate the vulnerabilities described within this advisory. These updates will be applied to devices automatically as part of standard, reoccurring update processes. In addition, Medtronic has increased security monitoring of affected devices and related infrastructure. \n\n\n\n\n\nMedtronic has released additional patient focused information, at the following location:\n\n https://www.medtronic.com/security"
}
],
"source": {
"advisory": "ICSMA-18-179-01",
"discovery": "EXTERNAL"
},
"title": "Medtronic MyCareLink Patient Monitor Use of Hard-coded Password",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMedtronic recommends users take additional defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\u003c/p\u003e\u003cul\u003e\u003cli\u003eMaintain good physical controls over the home monitor as the best mitigation to these vulnerabilities. \u0026nbsp;\u003c/li\u003e\u003cli\u003eOnly use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system. \u003c/li\u003e\u003cli\u003eReport any concerning behavior regarding their home monitor to their healthcare provider or a Medtronic representative. \u003c/li\u003e\u003c/ul\u003e\u003cp\u003eMedtronic has released additional patient focused information, at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003ehttps://www.medtronic.com/security\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Medtronic recommends users take additional defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Maintain good physical controls over the home monitor as the best mitigation to these vulnerabilities. \u00a0\n * Only use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system. \n * Report any concerning behavior regarding their home monitor to their healthcare provider or a Medtronic representative. \n\n\nMedtronic has released additional patient focused information, at the following location:\n\n https://www.medtronic.com/security"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-06-29T00:00:00",
"ID": "CVE-2018-8870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Medtronic MyCareLink Patient Monitor",
"version": {
"version_data": [
{
"version_value": "24950 MyCareLink Monitor, all versions, 24952 MyCareLink Monitor, all versions."
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED PASSWORD CWE-259"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8870",
"datePublished": "2018-07-02T18:00:00Z",
"dateReserved": "2018-03-20T00:00:00",
"dateUpdated": "2025-05-22T18:10:03.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8868 (GCVE-0-2018-8868)
Vulnerability from cvelistv5 – Published: 2018-07-02 18:00 – Updated: 2025-05-22 18:14
VLAI?
Title
Medtronic MyCareLink Patient Monitor Exposed Dangerous Method or Function
Summary
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit other vulnerabilities to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality.
Severity ?
6.2 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Medtronic | 24950 MyCareLink Monitor |
Affected:
All versions
|
|||||||
|
|||||||||
Credits
Peter Morgan of Clever Security reported this vulnerability
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "24950 MyCareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "24952 MyCareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Morgan of Clever Security reported this vulnerability"
}
],
"datePublic": "2018-06-29T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nMedtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor\u0027s communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit other vulnerabilities to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality.\n\n\u003c/p\u003e"
}
],
"value": "Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor\u0027s communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit other vulnerabilities to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:14:07.710Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-6-28-18.html"
},
{
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMedtronic will release several rolling over-the-air product updates that will mitigate the vulnerabilities described within this advisory. These updates will be applied to devices automatically as part of standard, reoccurring update processes. In addition, Medtronic has increased security monitoring of affected devices and related infrastructure. \u003c/span\u003e\n\n\u003c/div\u003e\n\n\u003cp\u003eMedtronic has released additional patient focused information, at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003ehttps://www.medtronic.com/security\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Medtronic will release several rolling over-the-air product updates that will mitigate the vulnerabilities described within this advisory. These updates will be applied to devices automatically as part of standard, reoccurring update processes. In addition, Medtronic has increased security monitoring of affected devices and related infrastructure. \n\n\n\n\n\nMedtronic has released additional patient focused information, at the following location:\n\n https://www.medtronic.com/security"
}
],
"source": {
"advisory": "ICSMA-18-179-01",
"discovery": "EXTERNAL"
},
"title": "Medtronic MyCareLink Patient Monitor Exposed Dangerous Method or Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMedtronic recommends users take additional defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\u003c/p\u003e\u003cul\u003e\u003cli\u003eMaintain good physical controls over the home monitor as the best mitigation to these vulnerabilities. \u0026nbsp;\u003c/li\u003e\u003cli\u003eOnly use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system. \u003c/li\u003e\u003cli\u003eReport any concerning behavior regarding their home monitor to their healthcare provider or a Medtronic representative. \u003c/li\u003e\u003c/ul\u003e\u003cp\u003eMedtronic has released additional patient focused information, at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003ehttps://www.medtronic.com/security\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Medtronic recommends users take additional defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Maintain good physical controls over the home monitor as the best mitigation to these vulnerabilities. \u00a0\n * Only use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system. \n * Report any concerning behavior regarding their home monitor to their healthcare provider or a Medtronic representative. \n\n\nMedtronic has released additional patient focused information, at the following location:\n\n https://www.medtronic.com/security"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-06-29T00:00:00",
"ID": "CVE-2018-8870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Medtronic MyCareLink Patient Monitor",
"version": {
"version_data": [
{
"version_value": "24950 MyCareLink Monitor, all versions, 24952 MyCareLink Monitor, all versions."
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED PASSWORD CWE-259"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8868",
"datePublished": "2018-07-02T18:00:00Z",
"dateReserved": "2018-03-20T00:00:00",
"dateUpdated": "2025-05-22T18:14:07.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10626 (GCVE-0-2018-10626)
Vulnerability from nvd – Published: 2018-08-10 18:00 – Updated: 2025-05-22 16:13
VLAI?
Title
Medtronic MyCareLink 24950 Patient Monitor Insufficient Verification of Data Authenticity
Summary
Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network.
Severity ?
4.4 (Medium)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Medtronic | 24950 MyCareLink Monitor |
Affected:
All versions
|
|||||||
|
|||||||||
Credits
Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:45.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105042",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105042"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "24950 MyCareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "24952 MyCareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities"
}
],
"datePublic": "2018-08-07T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMedtronic MyCareLink Patient Monitor\u2019s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network.\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "Medtronic MyCareLink Patient Monitor\u2019s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "CWE-345 Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T16:13:52.072Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "105042",
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-8-7-18.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01"
},
{
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/105042"
}
],
"source": {
"advisory": "ICSMA-18-219-01",
"discovery": "EXTERNAL"
},
"title": "Medtronic MyCareLink 24950 Patient Monitor Insufficient Verification of Data Authenticity",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMedtronic has made server-side updates to address the insufficient verification vulnerability identified in this advisory. Medtronic is implementing additional server-side mitigations to enhance data integrity and authenticity.\u003c/p\u003e\u003cp\u003eMedtronic recommends users take additional defensive measures to minimize the risk of exploitation. Specifically, users should:\u003c/p\u003e\u003cul\u003e\u003cli\u003eMaintain good physical control over the home monitor.\u003c/li\u003e\u003cli\u003eOnly use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eMedtronic has released additional patient focused information, at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003ehttps://www.medtronic.com/security\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Medtronic has made server-side updates to address the insufficient verification vulnerability identified in this advisory. Medtronic is implementing additional server-side mitigations to enhance data integrity and authenticity.\n\nMedtronic recommends users take additional defensive measures to minimize the risk of exploitation. Specifically, users should:\n\n * Maintain good physical control over the home monitor.\n * Only use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system.\n\n\nMedtronic has released additional patient focused information, at the following location:\n\n https://www.medtronic.com/security"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-07T00:00:00",
"ID": "CVE-2018-10626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Medtronic MyCareLink 24950, 24952 Patient Monitor",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product\u0027s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY CWE-345"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105042"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10626",
"datePublished": "2018-08-10T18:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2025-05-22T16:13:52.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10622 (GCVE-0-2018-10622)
Vulnerability from nvd – Published: 2018-08-10 18:00 – Updated: 2025-05-22 16:12
VLAI?
Title
Medtronic MyCareLink 24950 Patient Monitor Storing Passwords in a Recoverable Format
Summary
Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest.
Severity ?
4.9 (Medium)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Medtronic | 24950 MyCareLink Monitor |
Affected:
All versions
|
|||||||
|
|||||||||
Credits
Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:47.036Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105042",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105042"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "24950 MyCareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "24952 MyCareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities"
}
],
"datePublic": "2018-08-07T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMedtronic MyCareLink Patient Monitor \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003euses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest.\u003c/span\u003e\n\n\u003c/span\u003e\n\n\u003c/p\u003e"
}
],
"value": "Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-257",
"description": "CWE-257",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T16:12:44.522Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "105042",
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-8-7-18.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01"
},
{
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/105042"
}
],
"source": {
"advisory": "ICSMA-18-219-01",
"discovery": "EXTERNAL"
},
"title": "Medtronic MyCareLink 24950 Patient Monitor Storing Passwords in a Recoverable Format",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMedtronic has made server-side updates to address the insufficient verification vulnerability identified in this advisory. Medtronic is implementing additional server-side mitigations to enhance data integrity and authenticity.\u003c/p\u003e\u003cp\u003eMedtronic recommends users take additional defensive measures to minimize the risk of exploitation. Specifically, users should:\u003c/p\u003e\u003cul\u003e\u003cli\u003eMaintain good physical control over the home monitor.\u003c/li\u003e\u003cli\u003eOnly use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eMedtronic has released additional patient focused information, at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003ehttps://www.medtronic.com/security\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Medtronic has made server-side updates to address the insufficient verification vulnerability identified in this advisory. Medtronic is implementing additional server-side mitigations to enhance data integrity and authenticity.\n\nMedtronic recommends users take additional defensive measures to minimize the risk of exploitation. Specifically, users should:\n\n * Maintain good physical control over the home monitor.\n * Only use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system.\n\n\nMedtronic has released additional patient focused information, at the following location:\n\n https://www.medtronic.com/security"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-07T00:00:00",
"ID": "CVE-2018-10626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Medtronic MyCareLink 24950, 24952 Patient Monitor",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected product\u0027s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INSUFFICIENT VERIFICATION OF DATA AUTHENTICITY CWE-345"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105042"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10622",
"datePublished": "2018-08-10T18:00:00Z",
"dateReserved": "2018-05-01T00:00:00",
"dateUpdated": "2025-05-22T16:12:44.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8870 (GCVE-0-2018-8870)
Vulnerability from nvd – Published: 2018-07-02 18:00 – Updated: 2025-05-22 18:10
VLAI?
Title
Medtronic MyCareLink Patient Monitor Use of Hard-coded Password
Summary
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.
Severity ?
6.4 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Medtronic | 24950 MyCareLink Monitor |
Affected:
All versions
|
|||||||
|
|||||||||
Credits
Peter Morgan of Clever Security reported this vulnerability
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:47.291Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "24950 MyCareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "24952 MyCareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Morgan of Clever Security reported this vulnerability"
}
],
"datePublic": "2018-06-29T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMedtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.\u003c/p\u003e"
}
],
"value": "Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "CWE-259",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:10:03.426Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-6-28-18.html"
},
{
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMedtronic will release several rolling over-the-air product updates that will mitigate the vulnerabilities described within this advisory. These updates will be applied to devices automatically as part of standard, reoccurring update processes. In addition, Medtronic has increased security monitoring of affected devices and related infrastructure. \u003c/span\u003e\n\n\u003c/div\u003e\n\n\u003cp\u003eMedtronic has released additional patient focused information, at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003ehttps://www.medtronic.com/security\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Medtronic will release several rolling over-the-air product updates that will mitigate the vulnerabilities described within this advisory. These updates will be applied to devices automatically as part of standard, reoccurring update processes. In addition, Medtronic has increased security monitoring of affected devices and related infrastructure. \n\n\n\n\n\nMedtronic has released additional patient focused information, at the following location:\n\n https://www.medtronic.com/security"
}
],
"source": {
"advisory": "ICSMA-18-179-01",
"discovery": "EXTERNAL"
},
"title": "Medtronic MyCareLink Patient Monitor Use of Hard-coded Password",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMedtronic recommends users take additional defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\u003c/p\u003e\u003cul\u003e\u003cli\u003eMaintain good physical controls over the home monitor as the best mitigation to these vulnerabilities. \u0026nbsp;\u003c/li\u003e\u003cli\u003eOnly use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system. \u003c/li\u003e\u003cli\u003eReport any concerning behavior regarding their home monitor to their healthcare provider or a Medtronic representative. \u003c/li\u003e\u003c/ul\u003e\u003cp\u003eMedtronic has released additional patient focused information, at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003ehttps://www.medtronic.com/security\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Medtronic recommends users take additional defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Maintain good physical controls over the home monitor as the best mitigation to these vulnerabilities. \u00a0\n * Only use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system. \n * Report any concerning behavior regarding their home monitor to their healthcare provider or a Medtronic representative. \n\n\nMedtronic has released additional patient focused information, at the following location:\n\n https://www.medtronic.com/security"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-06-29T00:00:00",
"ID": "CVE-2018-8870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Medtronic MyCareLink Patient Monitor",
"version": {
"version_data": [
{
"version_value": "24950 MyCareLink Monitor, all versions, 24952 MyCareLink Monitor, all versions."
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED PASSWORD CWE-259"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8870",
"datePublished": "2018-07-02T18:00:00Z",
"dateReserved": "2018-03-20T00:00:00",
"dateUpdated": "2025-05-22T18:10:03.426Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-8868 (GCVE-0-2018-8868)
Vulnerability from nvd – Published: 2018-07-02 18:00 – Updated: 2025-05-22 18:14
VLAI?
Title
Medtronic MyCareLink Patient Monitor Exposed Dangerous Method or Function
Summary
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit other vulnerabilities to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality.
Severity ?
6.2 (Medium)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Medtronic | 24950 MyCareLink Monitor |
Affected:
All versions
|
|||||||
|
|||||||||
Credits
Peter Morgan of Clever Security reported this vulnerability
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:10:46.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "24950 MyCareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"defaultStatus": "unaffected",
"product": "24952 MyCareLink Monitor",
"vendor": "Medtronic",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Morgan of Clever Security reported this vulnerability"
}
],
"datePublic": "2018-06-29T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nMedtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor\u0027s communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit other vulnerabilities to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality.\n\n\u003c/p\u003e"
}
],
"value": "Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor\u0027s communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit other vulnerabilities to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-749",
"description": "CWE-749",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T18:14:07.710Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-6-28-18.html"
},
{
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eMedtronic will release several rolling over-the-air product updates that will mitigate the vulnerabilities described within this advisory. These updates will be applied to devices automatically as part of standard, reoccurring update processes. In addition, Medtronic has increased security monitoring of affected devices and related infrastructure. \u003c/span\u003e\n\n\u003c/div\u003e\n\n\u003cp\u003eMedtronic has released additional patient focused information, at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003ehttps://www.medtronic.com/security\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Medtronic will release several rolling over-the-air product updates that will mitigate the vulnerabilities described within this advisory. These updates will be applied to devices automatically as part of standard, reoccurring update processes. In addition, Medtronic has increased security monitoring of affected devices and related infrastructure. \n\n\n\n\n\nMedtronic has released additional patient focused information, at the following location:\n\n https://www.medtronic.com/security"
}
],
"source": {
"advisory": "ICSMA-18-179-01",
"discovery": "EXTERNAL"
},
"title": "Medtronic MyCareLink Patient Monitor Exposed Dangerous Method or Function",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMedtronic recommends users take additional defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\u003c/p\u003e\u003cul\u003e\u003cli\u003eMaintain good physical controls over the home monitor as the best mitigation to these vulnerabilities. \u0026nbsp;\u003c/li\u003e\u003cli\u003eOnly use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system. \u003c/li\u003e\u003cli\u003eReport any concerning behavior regarding their home monitor to their healthcare provider or a Medtronic representative. \u003c/li\u003e\u003c/ul\u003e\u003cp\u003eMedtronic has released additional patient focused information, at the following location:\u003c/p\u003e\u003cp\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\"\u003ehttps://www.medtronic.com/security\u003c/a\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "Medtronic recommends users take additional defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:\n\n * Maintain good physical controls over the home monitor as the best mitigation to these vulnerabilities. \u00a0\n * Only use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system. \n * Report any concerning behavior regarding their home monitor to their healthcare provider or a Medtronic representative. \n\n\nMedtronic has released additional patient focused information, at the following location:\n\n https://www.medtronic.com/security"
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-06-29T00:00:00",
"ID": "CVE-2018-8870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Medtronic MyCareLink Patient Monitor",
"version": {
"version_data": [
{
"version_value": "24950 MyCareLink Monitor, all versions, 24952 MyCareLink Monitor, all versions."
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "USE OF HARD-CODED PASSWORD CWE-259"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-8868",
"datePublished": "2018-07-02T18:00:00Z",
"dateReserved": "2018-03-20T00:00:00",
"dateUpdated": "2025-05-22T18:14:07.710Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}