Search
Find a vulnerability
Search criteria
86 vulnerabilities by medtronic
CVE-2025-4397 (GCVE-0-2025-4397)
Vulnerability from nvd – Published: 2026-05-07 15:03 – Updated: 2026-05-07 15:45
VLAI
Title
Medtronic MyCareLink Patient Monitor Data Encryption Weakness
Summary
Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-313 - Cleartext storage in a file or on disk
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < February 25, 2026
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < February 25, 2026
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T15:45:00.819845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:45:18.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "February 25, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "February 25, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
},
{
"lang": "en",
"type": "finder",
"value": "Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data."
}
],
"value": "Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-313",
"description": "CWE-313 Cleartext storage in a file or on disk",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:03:35.674Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-8-7-18.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-219-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Data Encryption Weakness",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4397",
"datePublished": "2026-05-07T15:03:35.674Z",
"dateReserved": "2025-05-06T20:24:40.064Z",
"dateUpdated": "2026-05-07T15:45:18.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4386 (GCVE-0-2025-4386)
Vulnerability from nvd – Published: 2026-05-07 15:00 – Updated: 2026-05-07 15:43
VLAI
Title
Medtronic MyCareLink Patient Monitor Hardware Debug Port
Summary
Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1263 - Improper Physical Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < February 25, 2026
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < February 25, 2026
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T15:43:31.207004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:43:39.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "February 25, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "February 25, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.\u200b"
}
],
"value": "Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.\u200b"
}
],
"impacts": [
{
"capecId": "CAPEC-401",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-401 Physically Hacking Hardware"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1263",
"description": "CWE-1263: Improper Physical Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:00:21.310Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Hardware Debug Port",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4386",
"datePublished": "2026-05-07T15:00:21.310Z",
"dateReserved": "2025-05-06T16:28:04.304Z",
"dateUpdated": "2026-05-07T15:43:39.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12997 (GCVE-0-2025-12997)
Vulnerability from nvd – Published: 2025-12-04 20:04 – Updated: 2025-12-09 19:39
VLAI
Summary
Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | CareLink Network |
Affected:
0 , < December 4, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T19:39:43.231608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T19:39:49.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CareLink Network",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "December 4, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ionut Cernica"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025."
}
],
"value": "Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025."
}
],
"impacts": [
{
"capecId": "CAPEC-261",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:04:26.083Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-12997",
"datePublished": "2025-12-04T20:04:26.083Z",
"dateReserved": "2025-11-11T03:38:47.476Z",
"dateUpdated": "2025-12-09T19:39:49.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12996 (GCVE-0-2025-12996)
Vulnerability from nvd – Published: 2025-12-04 20:04 – Updated: 2025-12-09 18:26
VLAI
Summary
Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
Severity
4.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | CareLink Network |
Affected:
0 , < December 4, 2025
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T18:26:23.372646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T18:26:32.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CareLink Network",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "December 4, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025."
}
],
"value": "Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025."
}
],
"impacts": [
{
"capecId": "CAPEC-215",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-215 Fuzzing for application mapping"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:04:02.695Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-12996",
"datePublished": "2025-12-04T20:04:02.695Z",
"dateReserved": "2025-11-11T03:38:46.667Z",
"dateUpdated": "2025-12-09T18:26:32.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12995 (GCVE-0-2025-12995)
Vulnerability from nvd – Published: 2025-12-04 20:03 – Updated: 2025-12-08 21:08
VLAI
Summary
Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | CareLink Network |
Affected:
0 , < December 4, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T21:08:39.951215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T21:08:48.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CareLink Network",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "December 4, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bernhard Lorenz"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025."
}
],
"value": "Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:03:00.854Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-12995",
"datePublished": "2025-12-04T20:03:00.854Z",
"dateReserved": "2025-11-11T03:38:45.676Z",
"dateUpdated": "2025-12-08T21:08:48.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12994 (GCVE-0-2025-12994)
Vulnerability from nvd – Published: 2025-12-04 20:02 – Updated: 2025-12-08 21:02
VLAI
Summary
Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | CareLink Network |
Affected:
0 , < December 4, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T21:02:40.658602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T21:02:50.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CareLink Network",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "December 4, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bernhard Lorenz"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025."
}
],
"value": "Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025."
}
],
"impacts": [
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575: Account Footprinting"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:02:06.492Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-12994",
"datePublished": "2025-12-04T20:02:06.492Z",
"dateReserved": "2025-11-11T03:38:43.879Z",
"dateUpdated": "2025-12-08T21:02:50.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4395 (GCVE-0-2025-4395)
Vulnerability from nvd – Published: 2025-07-24 03:30 – Updated: 2026-03-27 20:10
VLAI
Title
Medtronic MyCareLink Patient Monitor Empty Password Vulnerability
Summary
Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality.
This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-258 - Empty Password in Configuration File
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < June 25, 2025
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < June 25, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T13:18:46.616820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T13:18:56.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
}
],
"value": "Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-258",
"description": "CWE-258 Empty Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T20:10:12.703Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Empty Password Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4395",
"datePublished": "2025-07-24T03:30:24.185Z",
"dateReserved": "2025-05-06T20:01:00.625Z",
"dateUpdated": "2026-03-27T20:10:12.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4394 (GCVE-0-2025-4394)
Vulnerability from nvd – Published: 2025-07-24 03:26 – Updated: 2026-03-27 19:40
VLAI
Title
Medtronic MyCareLink Patient Monitor Unencrypted Filesystem Vulnerability
Summary
Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files.
This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < June 25, 2025
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < June 25, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T13:19:43.967176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T13:19:47.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
}
],
"value": "Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T19:40:02.815Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Unencrypted Filesystem Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4394",
"datePublished": "2025-07-24T03:26:06.706Z",
"dateReserved": "2025-05-06T20:00:59.768Z",
"dateUpdated": "2026-03-27T19:40:02.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4393 (GCVE-0-2025-4393)
Vulnerability from nvd – Published: 2025-07-24 03:22 – Updated: 2026-03-27 19:38
VLAI
Title
Medtronic MyCareLink Patient Monitor Deserialization Vulnerability
Summary
Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges.
This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < June 25, 2025
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < June 25, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4393",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T14:33:13.440835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T14:33:18.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
}
],
"value": "Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T19:38:42.742Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Deserialization Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4393",
"datePublished": "2025-07-24T03:22:20.208Z",
"dateReserved": "2025-05-06T20:00:56.804Z",
"dateUpdated": "2026-03-27T19:38:42.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4397 (GCVE-0-2025-4397)
Vulnerability from cvelistv5 – Published: 2026-05-07 15:03 – Updated: 2026-05-07 15:45
VLAI
Title
Medtronic MyCareLink Patient Monitor Data Encryption Weakness
Summary
Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-313 - Cleartext storage in a file or on disk
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < February 25, 2026
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < February 25, 2026
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T15:45:00.819845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:45:18.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "February 25, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "February 25, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
},
{
"lang": "en",
"type": "finder",
"value": "Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data."
}
],
"value": "Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-313",
"description": "CWE-313 Cleartext storage in a file or on disk",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:03:35.674Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-8-7-18.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-219-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Data Encryption Weakness",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4397",
"datePublished": "2026-05-07T15:03:35.674Z",
"dateReserved": "2025-05-06T20:24:40.064Z",
"dateUpdated": "2026-05-07T15:45:18.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4386 (GCVE-0-2025-4386)
Vulnerability from cvelistv5 – Published: 2026-05-07 15:00 – Updated: 2026-05-07 15:43
VLAI
Title
Medtronic MyCareLink Patient Monitor Hardware Debug Port
Summary
Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1263 - Improper Physical Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < February 25, 2026
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < February 25, 2026
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T15:43:31.207004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:43:39.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "February 25, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "February 25, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.\u200b"
}
],
"value": "Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.\u200b"
}
],
"impacts": [
{
"capecId": "CAPEC-401",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-401 Physically Hacking Hardware"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1263",
"description": "CWE-1263: Improper Physical Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:00:21.310Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Hardware Debug Port",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4386",
"datePublished": "2026-05-07T15:00:21.310Z",
"dateReserved": "2025-05-06T16:28:04.304Z",
"dateUpdated": "2026-05-07T15:43:39.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12997 (GCVE-0-2025-12997)
Vulnerability from cvelistv5 – Published: 2025-12-04 20:04 – Updated: 2025-12-09 19:39
VLAI
Summary
Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | CareLink Network |
Affected:
0 , < December 4, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T19:39:43.231608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T19:39:49.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CareLink Network",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "December 4, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ionut Cernica"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025."
}
],
"value": "Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025."
}
],
"impacts": [
{
"capecId": "CAPEC-261",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:04:26.083Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-12997",
"datePublished": "2025-12-04T20:04:26.083Z",
"dateReserved": "2025-11-11T03:38:47.476Z",
"dateUpdated": "2025-12-09T19:39:49.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12996 (GCVE-0-2025-12996)
Vulnerability from cvelistv5 – Published: 2025-12-04 20:04 – Updated: 2025-12-09 18:26
VLAI
Summary
Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
Severity
4.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | CareLink Network |
Affected:
0 , < December 4, 2025
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T18:26:23.372646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T18:26:32.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CareLink Network",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "December 4, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025."
}
],
"value": "Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025."
}
],
"impacts": [
{
"capecId": "CAPEC-215",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-215 Fuzzing for application mapping"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:04:02.695Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-12996",
"datePublished": "2025-12-04T20:04:02.695Z",
"dateReserved": "2025-11-11T03:38:46.667Z",
"dateUpdated": "2025-12-09T18:26:32.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12995 (GCVE-0-2025-12995)
Vulnerability from cvelistv5 – Published: 2025-12-04 20:03 – Updated: 2025-12-08 21:08
VLAI
Summary
Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | CareLink Network |
Affected:
0 , < December 4, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T21:08:39.951215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T21:08:48.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CareLink Network",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "December 4, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bernhard Lorenz"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025."
}
],
"value": "Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:03:00.854Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-12995",
"datePublished": "2025-12-04T20:03:00.854Z",
"dateReserved": "2025-11-11T03:38:45.676Z",
"dateUpdated": "2025-12-08T21:08:48.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12994 (GCVE-0-2025-12994)
Vulnerability from cvelistv5 – Published: 2025-12-04 20:02 – Updated: 2025-12-08 21:02
VLAI
Summary
Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | CareLink Network |
Affected:
0 , < December 4, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T21:02:40.658602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T21:02:50.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CareLink Network",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "December 4, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bernhard Lorenz"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025."
}
],
"value": "Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025."
}
],
"impacts": [
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575: Account Footprinting"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:02:06.492Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-12994",
"datePublished": "2025-12-04T20:02:06.492Z",
"dateReserved": "2025-11-11T03:38:43.879Z",
"dateUpdated": "2025-12-08T21:02:50.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4395 (GCVE-0-2025-4395)
Vulnerability from cvelistv5 – Published: 2025-07-24 03:30 – Updated: 2026-03-27 20:10
VLAI
Title
Medtronic MyCareLink Patient Monitor Empty Password Vulnerability
Summary
Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality.
This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-258 - Empty Password in Configuration File
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < June 25, 2025
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < June 25, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T13:18:46.616820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T13:18:56.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
}
],
"value": "Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-258",
"description": "CWE-258 Empty Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T20:10:12.703Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Empty Password Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4395",
"datePublished": "2025-07-24T03:30:24.185Z",
"dateReserved": "2025-05-06T20:01:00.625Z",
"dateUpdated": "2026-03-27T20:10:12.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4394 (GCVE-0-2025-4394)
Vulnerability from cvelistv5 – Published: 2025-07-24 03:26 – Updated: 2026-03-27 19:40
VLAI
Title
Medtronic MyCareLink Patient Monitor Unencrypted Filesystem Vulnerability
Summary
Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files.
This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < June 25, 2025
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < June 25, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T13:19:43.967176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T13:19:47.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
}
],
"value": "Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T19:40:02.815Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Unencrypted Filesystem Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4394",
"datePublished": "2025-07-24T03:26:06.706Z",
"dateReserved": "2025-05-06T20:00:59.768Z",
"dateUpdated": "2026-03-27T19:40:02.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4393 (GCVE-0-2025-4393)
Vulnerability from cvelistv5 – Published: 2025-07-24 03:22 – Updated: 2026-03-27 19:38
VLAI
Title
Medtronic MyCareLink Patient Monitor Deserialization Vulnerability
Summary
Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges.
This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < June 25, 2025
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < June 25, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4393",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T14:33:13.440835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T14:33:18.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
}
],
"value": "Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T19:38:42.742Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Deserialization Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4393",
"datePublished": "2025-07-24T03:22:20.208Z",
"dateReserved": "2025-05-06T20:00:56.804Z",
"dateUpdated": "2026-03-27T19:38:42.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-201807-0328
Vulnerability from variot - Updated: 2025-08-26 23:22The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer. Medtronic 8840 N'Vision Clinician Programmer and 8870 N'Vision removable Application Card Contains a vulnerability related to failure of the protection mechanism.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 8870 N\'\'Vision removable Application Card is a flash memory card
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0328",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n\\\u0027vision 8840",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "n\\\u0027vision 8870",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "8840 n\u2019vision clinician programmer",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "8870 n\u2019vision removable application card",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1161"
},
{
"db": "NVD",
"id": "CVE-2018-10631"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:medtronic:n%27vision_8840_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:n%27vision_8870_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
}
]
},
"cve": "CVE-2018-10631",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2018-10631",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-120410",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2018-10631",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.4,
"id": "CVE-2018-10631",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-10631",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2018-10631",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-10631",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1161",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-120410",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-10631",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120410"
},
{
"db": "VULMON",
"id": "CVE-2018-10631"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1161"
},
{
"db": "NVD",
"id": "CVE-2018-10631"
},
{
"db": "NVD",
"id": "CVE-2018-10631"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer. Medtronic 8840 N\u0027Vision Clinician Programmer and 8870 N\u0027Vision removable Application Card Contains a vulnerability related to failure of the protection mechanism.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 8870 N\\\u0027\\\u0027Vision removable Application Card is a flash memory card",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10631"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"db": "VULHUB",
"id": "VHN-120410"
},
{
"db": "VULMON",
"id": "CVE-2018-10631"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10631",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSMA-18-137-01",
"trust": 2.6
},
{
"db": "BID",
"id": "104213",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007971",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1161",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-120410",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-10631",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120410"
},
{
"db": "VULMON",
"id": "CVE-2018-10631"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1161"
},
{
"db": "NVD",
"id": "CVE-2018-10631"
}
]
},
"id": "VAR-201807-0328",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-120410"
}
],
"trust": 0.01
},
"last_update_date": "2025-08-26T23:22:55.337000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security at Medtronic",
"trust": 0.8,
"url": "http://www.medtronic.com/us-en/product-security.html?utm_source=medtronic_com_security_vanity_url\u0026utm_medium=printordigital\u0026utm_campaign=security_generic_vanity_url_FY17\u0026cmpid=vanity_url_security_printordigital_FY17"
},
{
"title": "N\u2019Vision 8840 Physician Programmer",
"trust": 0.8,
"url": "http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-693",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120410"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"db": "NVD",
"id": "CVE-2018-10631"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-137-01"
},
{
"trust": 1.8,
"url": "https://www.medtronic.com/security"
},
{
"trust": 1.0,
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/nvision.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/bid/104213"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10631"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10631"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/693.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120410"
},
{
"db": "VULMON",
"id": "CVE-2018-10631"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1161"
},
{
"db": "NVD",
"id": "CVE-2018-10631"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-120410"
},
{
"db": "VULMON",
"id": "CVE-2018-10631"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1161"
},
{
"db": "NVD",
"id": "CVE-2018-10631"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-13T00:00:00",
"db": "VULHUB",
"id": "VHN-120410"
},
{
"date": "2018-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10631"
},
{
"date": "2018-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"date": "2018-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1161"
},
{
"date": "2018-07-13T19:29:00.213000",
"db": "NVD",
"id": "CVE-2018-10631"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-120410"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10631"
},
{
"date": "2018-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1161"
},
{
"date": "2025-08-26T15:15:38.060000",
"db": "NVD",
"id": "CVE-2018-10631"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1161"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic 8840 N\u0027Vision Clinician Programmer and 8870 N\u0027Vision removable Application Card Vulnerability in protection mechanism",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1161"
}
],
"trust": 0.6
}
}
VAR-201805-0937
Vulnerability from variot - Updated: 2025-06-28 23:14Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest. The Medtronic N'Vision Clinician Programmer is a small, portable device that provides a single programming platform for Medtronic nerve graft therapy devices. The Medtronic N'Vision Clinician Programmer has an information disclosure vulnerability that allows an attacker to exploit sensitive information. Medtronic N'Vision Clinician Programmer is prone to an information-disclosure vulnerability. The vulnerability is caused by the program not encrypting PII and PHI
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0937",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n\\\u0027vision 8840",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "n\\\u0027vision 8870",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "8840 n\u2019vision clinician programmer",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "8870 n\u2019vision removable application card",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "n\u0027vision application card",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "8870"
},
{
"model": "n\u0027vision clinician programmer",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "8840"
},
{
"model": "n??vision application card",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "88700"
},
{
"model": "n??vision clinician programmer",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "88400"
},
{
"model": "n\u0027vision application card",
"scope": "eq",
"trust": 0.2,
"vendor": "medtronic",
"version": "8870*"
},
{
"model": "n\u0027vision clinician programmer",
"scope": "eq",
"trust": 0.2,
"vendor": "medtronic",
"version": "8840*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "BID",
"id": "104213"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:medtronic:n%27vision_8840_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:n%27vision_8870_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios of Whitescope LLC",
"sources": [
{
"db": "BID",
"id": "104213"
}
],
"trust": 0.3
},
"cve": "CVE-2018-8849",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2018-8849",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-10004",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-138881",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2018-8849",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2018-8849",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8849",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2018-8849",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-8849",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-10004",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-680",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138881",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "VULHUB",
"id": "VHN-138881"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic N\u0027Vision Clinician Programmer 8840 N\u0027Vision Clinician Programme and 8870 N\u0027Vision removable Application Card do not encrypt PII and PHI while at rest. The Medtronic N\u0027Vision Clinician Programmer is a small, portable device that provides a single programming platform for Medtronic nerve graft therapy devices. The Medtronic N\u0027Vision Clinician Programmer has an information disclosure vulnerability that allows an attacker to exploit sensitive information. Medtronic N\u0027Vision Clinician Programmer is prone to an information-disclosure vulnerability. The vulnerability is caused by the program not encrypting PII and PHI",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "BID",
"id": "104213"
},
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-138881"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8849",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSMA-18-137-01",
"trust": 3.4
},
{
"db": "BID",
"id": "104213",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-10004",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2EFAD9E-39AB-11E9-87B8-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-138881",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "VULHUB",
"id": "VHN-138881"
},
{
"db": "BID",
"id": "104213"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"id": "VAR-201805-0937",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "VULHUB",
"id": "VHN-138881"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
}
]
},
"last_update_date": "2025-06-28T23:14:03.579000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "N\u2019Vision 8840 Physician Programmer",
"trust": 0.8,
"url": "http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138881"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-137-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/104213"
},
{
"trust": 1.7,
"url": "http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/medtronic-nvision-8840_security-bulletin_final.pdf"
},
{
"trust": 1.0,
"url": "https://www.medtronic.com/security"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-137-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8849"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8849"
},
{
"trust": 0.3,
"url": "http://www.medtronic.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "VULHUB",
"id": "VHN-138881"
},
{
"db": "BID",
"id": "104213"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "VULHUB",
"id": "VHN-138881"
},
{
"db": "BID",
"id": "104213"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-22T00:00:00",
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"date": "2018-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"date": "2018-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-138881"
},
{
"date": "2018-05-17T00:00:00",
"db": "BID",
"id": "104213"
},
{
"date": "2018-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"date": "2018-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-680"
},
{
"date": "2018-05-18T13:29:00.427000",
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138881"
},
{
"date": "2018-05-17T00:00:00",
"db": "BID",
"id": "104213"
},
{
"date": "2018-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-680"
},
{
"date": "2025-06-27T17:15:32.103000",
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "104213"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic N\u0027Vision Clinician Programmer Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
}
],
"trust": 0.6
}
}
VAR-201812-0476
Vulnerability from variot - Updated: 2025-05-23 23:28Medtronic CareLink and Encore Programmers
do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest . Medtronic CareLink 2090 Programmer , CareLink 9790 Programmer , 29901 Encore Programmer Contains a cryptographic vulnerability.Information may be obtained. Successfully exploiting this issue may allow attackers to view encrypted data and obtain sensitive information. This may lead to other attacks. An attacker in physical proximity could exploit the vulnerability to gain access to protected health and personally identifiable information stored on the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0476",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "carelink 9790 programmer",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "29901 encore programmer",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "carelink 2090 programmer",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "2090 carelink programmer",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "29901 carelink encore programmer",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "9790 carelink programmer",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink programmer",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "97900"
},
{
"model": "carelink programmer",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "20900"
},
{
"model": "encore programmer",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "299010"
}
],
"sources": [
{
"db": "BID",
"id": "106215"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"db": "NVD",
"id": "CVE-2018-18984"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:medtronic:2090_carelink_programmer_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:29901_encore_programmer_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:carelink_9790_programmer_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios and Jonathan Butts from Whitescope LLC",
"sources": [
{
"db": "BID",
"id": "106215"
}
],
"trust": 0.3
},
"cve": "CVE-2018-18984",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2018-18984",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-129598",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2018-18984",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-18984",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-18984",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2018-18984",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-18984",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-661",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-129598",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129598"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-661"
},
{
"db": "NVD",
"id": "CVE-2018-18984"
},
{
"db": "NVD",
"id": "CVE-2018-18984"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic CareLink and Encore Programmers\n\n do not encrypt or do not sufficiently encrypt sensitive \nPII and PHI information while at rest . Medtronic CareLink 2090 Programmer , CareLink 9790 Programmer , 29901 Encore Programmer Contains a cryptographic vulnerability.Information may be obtained. \nSuccessfully exploiting this issue may allow attackers to view encrypted data and obtain sensitive information. This may lead to other attacks. An attacker in physical proximity could exploit the vulnerability to gain access to protected health and personally identifiable information stored on the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18984"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"db": "BID",
"id": "106215"
},
{
"db": "VULHUB",
"id": "VHN-129598"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-18984",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSMA-18-347-01",
"trust": 2.8
},
{
"db": "BID",
"id": "106215",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014352",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-661",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-98836",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-129598",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129598"
},
{
"db": "BID",
"id": "106215"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-661"
},
{
"db": "NVD",
"id": "CVE-2018-18984"
}
]
},
"id": "VAR-201812-0476",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-129598"
}
],
"trust": 0.9
},
"last_update_date": "2025-05-23T23:28:18.714000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.medtronicdiabetes.com/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-312",
"trust": 1.1
},
{
"problemtype": "CWE-311",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129598"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"db": "NVD",
"id": "CVE-2018-18984"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-347-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/106215"
},
{
"trust": 1.0,
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/carelink-9790-2090-29901.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18984"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18984"
},
{
"trust": 0.3,
"url": "https://www.medtronic.com/us-en/index.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129598"
},
{
"db": "BID",
"id": "106215"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-661"
},
{
"db": "NVD",
"id": "CVE-2018-18984"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-129598"
},
{
"db": "BID",
"id": "106215"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-661"
},
{
"db": "NVD",
"id": "CVE-2018-18984"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-14T00:00:00",
"db": "VULHUB",
"id": "VHN-129598"
},
{
"date": "2018-12-13T00:00:00",
"db": "BID",
"id": "106215"
},
{
"date": "2019-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"date": "2018-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-661"
},
{
"date": "2018-12-14T15:29:00.700000",
"db": "NVD",
"id": "CVE-2018-18984"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-129598"
},
{
"date": "2018-12-13T00:00:00",
"db": "BID",
"id": "106215"
},
{
"date": "2019-03-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014352"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-661"
},
{
"date": "2025-05-22T17:15:22.570000",
"db": "NVD",
"id": "CVE-2018-18984"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "106215"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Medtronic Cryptographic vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014352"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-661"
}
],
"trust": 0.6
}
}
VAR-201903-0181
Vulnerability from variot - Updated: 2025-05-23 23:16The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product’s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device. plural Medtronic The product contains an access control vulnerability.Information may be tampered with. MyCareLink Monitor and others are products developed by Medtronic. Medtronic Conexus Radio Frequency Telemetry Protocol is prone to multiple security vulnerabilities. An attacker can exploit this issue to gain access to sensitive information and bypass the security mechanism and gain unauthorized access. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0181",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 2.4,
"vendor": "medtronic",
"version": "24950"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 2.4,
"vendor": "medtronic",
"version": "24952"
},
{
"model": "carelink monitor",
"scope": "eq",
"trust": 1.8,
"vendor": "medtronic",
"version": "2490c"
},
{
"model": "evera icd",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "consulta crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto ii crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "compia crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "claria crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso ii icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "compia crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto ii crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "viva crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "secura icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta icd and crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "nayamed nd icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "visia af icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "claria crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "mirro icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "evera icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "primo icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink 2090",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "amplia crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii crt-d and lcd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "consulta crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink monitor 2490c",
"scope": null,
"trust": 0.9,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink 2090",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii crt-d and lcd",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink programmer",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "2090"
},
{
"model": "primo icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta crt-d",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "secura icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso ii icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "visia af icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "viva crt-d",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "amplia crt-d",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "nayamed nd icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "mirro icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii crt-d",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "viva crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "visia af icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "virtuoso ii icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "virtuoso icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "secura icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "protecta icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "protecta crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "primo icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "mirro icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "maximo ii crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "maximo icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "evera icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "consulta crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "concerto ii crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "concerto crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "compia crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "claria crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "carelink programmer",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "20900"
},
{
"model": "amplia crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "249520"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "249500"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mycarelink monitor",
"version": "24950"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mycarelink monitor",
"version": "24952"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "evera icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "maximo ii crt d and lcd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mirro icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "nayamed nd icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "primo icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "protecta icd and crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "secura icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "virtuoso icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "virtuoso ii icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "visia af icd",
"version": null
},
{
"model": "2490c",
"scope": null,
"trust": 0.2,
"vendor": "carelink monitor",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "viva crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "carelink 2090",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "amplia crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "claria crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "compia crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "concerto crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "concerto ii crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "consulta crt d",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"db": "NVD",
"id": "CVE-2019-6538"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:medtronic:carelink_2090_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:carelink_monitor_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:claria_crt-d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:compia_crt-d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:concerto_crt-d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:concerto_ii_crt-d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:consulta_crt-d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:evera_icd_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:maximo_ii_crt-d_and_lcd_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:mycarelink_monitor_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "currently with University of Birmingham; Flavio D. Garcia; Tom Chothia of the University of Birmingham; and Rik Willems of University Hospital Gasthuisberg Leuven reported these vulnerabilities to NCCIC.,Peter Morgan of Clever Security; Dave SingelA?e and Bart Preneel of KU Leuven; Eduard Marin formerly of KU Leuven,Peter Morgan of Clever Security; Dave Singel\u00e9e and Bart Preneel of KU Leuven; Eduard Marin formerly of KU Leuven, currently with University of Birmingham; Flavio D. Garcia; Tom Chothia of the University of Birmingham; and Rik Willems of University Hospita,Peter Morgan of Clever Security; Dave Singel??e and Bart Preneel of KU Leuven; Eduard Marin formerly of KU Leuven",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-836"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6538",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2019-6538",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-09067",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "c60800b1-5282-4def-ab94-14b4a596d36e",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-157973",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-6538",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-6538",
"impactScore": 5.8,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6538",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6538",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2019-6538",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2019-6538",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-09067",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-836",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-157973",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"db": "VULHUB",
"id": "VHN-157973"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-836"
},
{
"db": "NVD",
"id": "CVE-2019-6538"
},
{
"db": "NVD",
"id": "CVE-2019-6538"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product\u2019s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device. plural Medtronic The product contains an access control vulnerability.Information may be tampered with. MyCareLink Monitor and others are products developed by Medtronic. Medtronic Conexus Radio Frequency Telemetry Protocol is prone to multiple security vulnerabilities. \nAn attacker can exploit this issue to gain access to sensitive information and bypass the security mechanism and gain unauthorized access. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6538"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"db": "VULHUB",
"id": "VHN-157973"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6538",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSMA-19-080-01",
"trust": 3.4
},
{
"db": "BID",
"id": "107544",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-836",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-09067",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003087",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0950.2",
"trust": 0.6
},
{
"db": "IVD",
"id": "C60800B1-5282-4DEF-AB94-14B4A596D36E",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-157973",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"db": "VULHUB",
"id": "VHN-157973"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-836"
},
{
"db": "NVD",
"id": "CVE-2019-6538"
}
]
},
"id": "VAR-201903-0181",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"db": "VULHUB",
"id": "VHN-157973"
}
],
"trust": 1.5959183690476189
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09067"
}
]
},
"last_update_date": "2025-05-23T23:16:00.618000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.medtronicdiabetes.com/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.9
},
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-862",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157973"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"db": "NVD",
"id": "CVE-2019-6538"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-19-080-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/107544"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6538"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6538"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.0950.2/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-19-080-01"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-080-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77634"
},
{
"trust": 0.3,
"url": "http://www.medtronic.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"db": "VULHUB",
"id": "VHN-157973"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-836"
},
{
"db": "NVD",
"id": "CVE-2019-6538"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"db": "VULHUB",
"id": "VHN-157973"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-836"
},
{
"db": "NVD",
"id": "CVE-2019-6538"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-04T00:00:00",
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"date": "2019-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"date": "2019-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-157973"
},
{
"date": "2019-03-21T00:00:00",
"db": "BID",
"id": "107544"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"date": "2019-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-836"
},
{
"date": "2019-03-25T22:29:00.763000",
"db": "NVD",
"id": "CVE-2019-6538"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"date": "2020-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-157973"
},
{
"date": "2019-03-21T00:00:00",
"db": "BID",
"id": "107544"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"date": "2021-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-836"
},
{
"date": "2025-05-22T20:15:20.660000",
"db": "NVD",
"id": "CVE-2019-6538"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-836"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Medtronic Access control vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-836"
}
],
"trust": 0.8
}
}
VAR-201903-1617
Vulnerability from variot - Updated: 2025-05-23 23:16The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data. plural Medtronic The product contains cryptographic vulnerabilities.Information may be obtained. MyCareLink Monitor and others are products developed by Medtronic. An access control error vulnerability exists in several Medtronic products that stems from the failure of the Conexus telemetry protocol to perform cryptographic operations that an attacker can use to intercept communications (including sensitive information transmitted). Medtronic Conexus Radio Frequency Telemetry Protocol is prone to multiple security vulnerabilities. An attacker can exploit this issue to gain access to sensitive information and bypass the security mechanism and gain unauthorized access. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1617",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "carelink monitor 2490c",
"scope": null,
"trust": 1.7,
"vendor": "medtronic",
"version": null
},
{
"model": "amplia crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "consulta crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto ii crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "compia crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "claria crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso ii icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "compia crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto ii crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "viva crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "secura icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink monitor 2490c",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "nayamed nd icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "visia af icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink monitor 24950",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "claria crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "mirro icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "evera icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "consulta crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "primo icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink 2090",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "amplia crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink monitor 24952",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "24952 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink 2090",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink programmer",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "2090"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24950"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24952"
},
{
"model": "primo icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta crt-d",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "secura icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso ii icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "visia af icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "viva crt-d",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "nayamed nd icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "mirro icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii crt-d",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "evera icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "viva crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "visia af icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "virtuoso ii icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "virtuoso icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "secura icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "protecta icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "protecta crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "primo icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "mirro icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "maximo ii crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "maximo icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "evera icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "consulta crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "concerto ii crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "concerto crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "compia crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "claria crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "carelink programmer",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "20900"
},
{
"model": "amplia crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "249520"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "249500"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mycarelink monitor 24950",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "consulta crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "evera icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "maximo ii crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "maximo ii icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mirro icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "nayamed nd icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "primo icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "protecta icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "protecta crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "secura icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mycarelink monitor 24952",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "virtuoso icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "virtuoso ii icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "visia af icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "viva crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "carelink monitor 2490c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "carelink 2090",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "amplia crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "claria crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "compia crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "concerto crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "concerto ii crt d",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:medtronic:24950_mycarelink_monitor_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:24952_mycarelink_monitor_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:amplia_crt-d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:carelink_2090_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:carelink_monitor_2490c_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:claria_crt-d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:compia_crt-d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:concerto_crt-d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:concerto_ii_crt-d_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:consulta_crt-d_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "currently with University of Birmingham; Flavio D. Garcia; Tom Chothia of the University of Birmingham; and Rik Willems of University Hospital Gasthuisberg Leuven reported these vulnerabilities to NCCIC.,Peter Morgan of Clever Security; Dave Singel\u00e9e and Bart Preneel of KU Leuven; Eduard Marin formerly of KU Leuven, currently with University of Birmingham; Flavio D. Garcia; Tom Chothia of the University of Birmingham; and Rik Willems of University Hospital Gasthuisberg Leuven, currently with University of Birmingham; Flavio D. Garcia; Tom Chothia of the University of Birmingham; and Rik Willems of University Hospita,Peter Morgan of Clever Security; Dave Singel\u00c3\u00a9e and Bart Preneel of KU Leuven; Eduard Marin formerly of KU Leuven",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6540",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2019-6540",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-09066",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-157975",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-6540",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6540",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-6540",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2019-6540",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-6540",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2019-09066",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-831",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-157975",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "VULHUB",
"id": "VHN-157975"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data. plural Medtronic The product contains cryptographic vulnerabilities.Information may be obtained. MyCareLink Monitor and others are products developed by Medtronic. An access control error vulnerability exists in several Medtronic products that stems from the failure of the Conexus telemetry protocol to perform cryptographic operations that an attacker can use to intercept communications (including sensitive information transmitted). Medtronic Conexus Radio Frequency Telemetry Protocol is prone to multiple security vulnerabilities. \nAn attacker can exploit this issue to gain access to sensitive information and bypass the security mechanism and gain unauthorized access. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6540"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "VULHUB",
"id": "VHN-157975"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6540",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSMA-19-080-01",
"trust": 3.4
},
{
"db": "BID",
"id": "107544",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-831",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-09066",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0950.2",
"trust": 0.6
},
{
"db": "IVD",
"id": "1E9DAD07-7958-4810-AC1E-1CB019C0C368",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-157975",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "VULHUB",
"id": "VHN-157975"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
}
]
},
"id": "VAR-201903-1617",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "VULHUB",
"id": "VHN-157975"
}
],
"trust": 1.5959183690476189
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
}
]
},
"last_update_date": "2025-05-23T23:16:00.573000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.medtronic.com/us-en/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157975"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-19-080-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/107544"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6540"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6540"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.0950.2/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-19-080-01"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-080-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77634"
},
{
"trust": 0.3,
"url": "http://www.medtronic.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "VULHUB",
"id": "VHN-157975"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "VULHUB",
"id": "VHN-157975"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-04T00:00:00",
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"date": "2019-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"date": "2019-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-157975"
},
{
"date": "2019-03-21T00:00:00",
"db": "BID",
"id": "107544"
},
{
"date": "2019-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"date": "2019-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-831"
},
{
"date": "2019-03-26T18:29:01.060000",
"db": "NVD",
"id": "CVE-2019-6540"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"date": "2021-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-157975"
},
{
"date": "2019-03-21T00:00:00",
"db": "BID",
"id": "107544"
},
{
"date": "2019-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"date": "2021-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-831"
},
{
"date": "2025-05-22T20:15:21.027000",
"db": "NVD",
"id": "CVE-2019-6540"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Medtronic Cryptographic vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
],
"trust": 0.6
}
}
VAR-201805-1110
Vulnerability from variot - Updated: 2025-05-23 23:07Medtronic 2090 CareLink Programmer
uses a per-product username and password that is stored in a recoverable format. Medtronic 2090 CareLink Programmer is a set of portable computer products produced by American Medtronic Company. This product is used to manage and program cardiac equipment in the medical industry. An attacker could exploit this vulnerability to obtain credentials into a software deployment network
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-1110",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "2090 carelink programmer",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "2090 carelink programmer",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004578"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-770"
},
{
"db": "NVD",
"id": "CVE-2018-5446"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:medtronic:2090_carelink_programmer_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004578"
}
]
},
"cve": "CVE-2018-5446",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2018-5446",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-135477",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2018-5446",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"id": "CVE-2018-5446",
"impactScore": 4.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-5446",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2018-5446",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-5446",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-770",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-135477",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135477"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004578"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-770"
},
{
"db": "NVD",
"id": "CVE-2018-5446"
},
{
"db": "NVD",
"id": "CVE-2018-5446"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic 2090 CareLink Programmer \n\nuses a per-product username and password that is stored in a recoverable format. Medtronic 2090 CareLink Programmer is a set of portable computer products produced by American Medtronic Company. This product is used to manage and program cardiac equipment in the medical industry. An attacker could exploit this vulnerability to obtain credentials into a software deployment network",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5446"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004578"
},
{
"db": "VULHUB",
"id": "VHN-135477"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5446",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSMA-18-058-01",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004578",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-770",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2018.0582.2",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-135477",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135477"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004578"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-770"
},
{
"db": "NVD",
"id": "CVE-2018-5446"
}
]
},
"id": "VAR-201805-1110",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-135477"
}
],
"trust": 0.01
},
"last_update_date": "2025-05-23T23:07:18.433000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.medtronic.com/us-en/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004578"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-257",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135477"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004578"
},
{
"db": "NVD",
"id": "CVE-2018-5446"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-058-01"
},
{
"trust": 1.0,
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/carelink-2090-29901.html"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-058-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5446"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5446"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2018.0582.2/"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsma-18-058-01"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135477"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004578"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-770"
},
{
"db": "NVD",
"id": "CVE-2018-5446"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-135477"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004578"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-770"
},
{
"db": "NVD",
"id": "CVE-2018-5446"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-135477"
},
{
"date": "2018-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004578"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-770"
},
{
"date": "2018-05-04T18:29:00.523000",
"db": "NVD",
"id": "CVE-2018-5446"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-135477"
},
{
"date": "2018-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004578"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-770"
},
{
"date": "2025-05-22T18:15:22.840000",
"db": "NVD",
"id": "CVE-2018-5446"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-770"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic 2090 Carelink Programmer Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004578"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-770"
}
],
"trust": 0.6
}
}
VAR-201805-1111
Vulnerability from variot - Updated: 2025-05-23 23:07Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system. Medtronic 2090 Carelink Programmer Contains a path traversal vulnerability.Information may be obtained. Medtronic 2090 CareLink Programmer is a set of portable computer products produced by American Medtronic Company. This product is used to manage and program cardiac equipment in the medical industry
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-1111",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "2090 carelink programmer",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "2090 carelink programmer",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004579"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-771"
},
{
"db": "NVD",
"id": "CVE-2018-5448"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:medtronic:2090_carelink_programmer_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004579"
}
]
},
"cve": "CVE-2018-5448",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CVE-2018-5448",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "VHN-135479",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2018-5448",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2018-5448",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-5448",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2018-5448",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-5448",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-771",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-135479",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135479"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004579"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-771"
},
{
"db": "NVD",
"id": "CVE-2018-5448"
},
{
"db": "NVD",
"id": "CVE-2018-5448"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic 2090 CareLink Programmer\u2019s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system. Medtronic 2090 Carelink Programmer Contains a path traversal vulnerability.Information may be obtained. Medtronic 2090 CareLink Programmer is a set of portable computer products produced by American Medtronic Company. This product is used to manage and program cardiac equipment in the medical industry",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5448"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004579"
},
{
"db": "VULHUB",
"id": "VHN-135479"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5448",
"trust": 2.5
},
{
"db": "ICS CERT",
"id": "ICSMA-18-058-01",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004579",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-771",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2018.0582.2",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-135479",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135479"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004579"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-771"
},
{
"db": "NVD",
"id": "CVE-2018-5448"
}
]
},
"id": "VAR-201805-1111",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-135479"
}
],
"trust": 0.01
},
"last_update_date": "2025-05-23T23:07:14.919000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.medtronic.com/us-en/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004579"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
},
{
"problemtype": "CWE-23",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135479"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004579"
},
{
"db": "NVD",
"id": "CVE-2018-5448"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-058-01"
},
{
"trust": 1.0,
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/carelink-2090-29901.html"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-058-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5448"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5448"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2018.0582.2/"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsma-18-058-01"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135479"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004579"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-771"
},
{
"db": "NVD",
"id": "CVE-2018-5448"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-135479"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004579"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-771"
},
{
"db": "NVD",
"id": "CVE-2018-5448"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-135479"
},
{
"date": "2018-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004579"
},
{
"date": "2018-03-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-771"
},
{
"date": "2018-05-04T18:29:00.570000",
"db": "NVD",
"id": "CVE-2018-5448"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-135479"
},
{
"date": "2018-06-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004579"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-771"
},
{
"date": "2025-05-22T18:15:23.033000",
"db": "NVD",
"id": "CVE-2018-5448"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-771"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic 2090 Carelink Programmer Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004579"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-771"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-771"
}
],
"trust": 0.6
}
}
VAR-201807-0333
Vulnerability from variot - Updated: 2025-05-23 23:07Medtronic 2090 CareLink Programmer
uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initially establish an encapsulated IP-based VPN connection to a Medtronic-hosted update network. Once the VPN is established, it makes a request to a HTTP (non-TLS) server across the VPN for updates, which responds and provides any available updates. The programmer-side (client) service responsible for this HTTP request does not check to ensure it is still connected to the VPN before making the HTTP request. Thus, an attacker could cause the VPN connection to terminate (through various methods and attack points) and intercept the HTTP request, responding with malicious updates via a man-in-the-middle attack. The affected products do not verify the origin or integrity of these updates, as it insufficiently relied on the security of the VPN. An attacker with remote network access to the programmer could influence these communications. Medtronic 2090 CareLink Programmer Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Medtronic2090CareLinkProgrammer is a set of portable computer products from Medtronic Corporation of the United States. This product is used to manage and program cardiac devices in the medical industry
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0333",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "2090 carelink programmer",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "2090 carelink programmer",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "carelink programmer",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "2090"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12557"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008035"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-212"
},
{
"db": "NVD",
"id": "CVE-2018-10596"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:medtronic:2090_carelink_programmer_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008035"
}
]
},
"cve": "CVE-2018-10596",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CVE-2018-10596",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-12557",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "VHN-120371",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2018-10596",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2018-10596",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-10596",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2018-10596",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-10596",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-12557",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-212",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-120371",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12557"
},
{
"db": "VULHUB",
"id": "VHN-120371"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008035"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-212"
},
{
"db": "NVD",
"id": "CVE-2018-10596"
},
{
"db": "NVD",
"id": "CVE-2018-10596"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic 2090 CareLink Programmer \n\nuses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initially establish an encapsulated IP-based VPN connection to a Medtronic-hosted update network. Once the VPN is established, it makes a request to a HTTP (non-TLS) server across the VPN for updates, which responds and provides any available updates. The programmer-side (client) service responsible for this HTTP request does not check to ensure it is still connected to the VPN before making the HTTP request. Thus, an attacker could cause the VPN connection to terminate (through various methods and attack points) and intercept the HTTP request, responding with malicious updates via a man-in-the-middle attack. The affected products do not verify the origin or integrity of these updates, as it insufficiently relied on the security of the VPN. An attacker with remote network access to the programmer could influence these communications. Medtronic 2090 CareLink Programmer Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Medtronic2090CareLinkProgrammer is a set of portable computer products from Medtronic Corporation of the United States. This product is used to manage and program cardiac devices in the medical industry",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10596"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008035"
},
{
"db": "CNVD",
"id": "CNVD-2018-12557"
},
{
"db": "VULHUB",
"id": "VHN-120371"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10596",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSMA-18-058-01",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008035",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-212",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-12557",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47493",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-120371",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12557"
},
{
"db": "VULHUB",
"id": "VHN-120371"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008035"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-212"
},
{
"db": "NVD",
"id": "CVE-2018-10596"
}
]
},
"id": "VAR-201807-0333",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12557"
},
{
"db": "VULHUB",
"id": "VHN-120371"
}
],
"trust": 1.5
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12557"
}
]
},
"last_update_date": "2025-05-23T23:07:14.887000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.medtronic.com/us-en/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008035"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
},
{
"problemtype": "CWE-923",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120371"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008035"
},
{
"db": "NVD",
"id": "CVE-2018-10596"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-058-01"
},
{
"trust": 1.0,
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/carelink-2090-29901.html"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-058-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10596"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10596"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsma-18-058-01"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47493"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12557"
},
{
"db": "VULHUB",
"id": "VHN-120371"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008035"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-212"
},
{
"db": "NVD",
"id": "CVE-2018-10596"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-12557"
},
{
"db": "VULHUB",
"id": "VHN-120371"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008035"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-212"
},
{
"db": "NVD",
"id": "CVE-2018-10596"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12557"
},
{
"date": "2018-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-120371"
},
{
"date": "2018-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008035"
},
{
"date": "2018-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-212"
},
{
"date": "2018-07-03T01:29:00.487000",
"db": "NVD",
"id": "CVE-2018-10596"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12557"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-120371"
},
{
"date": "2018-10-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008035"
},
{
"date": "2020-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-212"
},
{
"date": "2025-05-22T18:15:21.490000",
"db": "NVD",
"id": "CVE-2018-10596"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-212"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic 2090 CareLink Programmer Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008035"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-212"
}
],
"trust": 0.6
}
}
VAR-201911-1205
Vulnerability from variot - Updated: 2025-05-23 23:05Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes. Medtronic Valleylab FT10 and Valleylab FX8 are both a power supply device for the medical industry from Medtronic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1205",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "valleylab exchange client",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "3.4"
},
{
"model": "valleylab ft10 energy platform",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "4.0.0"
},
{
"model": "valleylab fx8 energy platform",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "1.1.0"
},
{
"model": "valleylab exchange",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=3.4"
},
{
"model": "valleylab ft10",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=4.0.0"
},
{
"model": "valleylab fx8",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=1.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab exchange client",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab ft10 energy platform",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab fx8 energy platform",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:medtronic:valleylab_exchange_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:valleylab_ft10_energy_platform_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:valleylab_fx8_energy_platform_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
}
]
},
"cve": "CVE-2019-13539",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2019-13539",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-41424",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2019-13539",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.0,
"id": "CVE-2019-13539",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13539",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13539",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2019-13539",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-13539",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-41424",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-432",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes. Medtronic Valleylab FT10 and Valleylab FX8 are both a power supply device for the medical industry from Medtronic",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13539"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13539",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSMA-19-311-02",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-41424",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.4211",
"trust": 0.6
},
{
"db": "IVD",
"id": "A983492D-DC48-4E04-9CD7-E50F961E4F75",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
}
]
},
"id": "VAR-201911-1205",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
}
]
},
"last_update_date": "2025-05-23T23:05:13.354000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.medtronic.com/us-en/index.html"
},
{
"title": "Patch for Valleylab FT10 and Valleylab FX8 Input Validation Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/191117"
},
{
"title": "Medtronic Valleylab FT10 Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102695"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-328",
"trust": 1.0
},
{
"problemtype": "CWE-326",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13539"
},
{
"trust": 1.0,
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13539"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4211/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"date": "2019-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-432"
},
{
"date": "2019-11-08T20:15:10.743000",
"db": "NVD",
"id": "CVE-2019-13539"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"date": "2019-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"date": "2020-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-432"
},
{
"date": "2025-05-22T19:15:23.083000",
"db": "NVD",
"id": "CVE-2019-13539"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Medtronic Valleylab Vulnerability related to input validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
],
"trust": 0.6
}
}
VAR-201911-1206
Vulnerability from variot - Updated: 2025-05-23 23:05Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. Medtronic Valleylab FT10 and Valleylab FX8 are both a power supply device for the medical industry from Medtronic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1206",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "valleylab exchange client",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "3.4"
},
{
"model": "valleylab ft10 energy platform",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "4.0.0"
},
{
"model": "valleylab fx8 energy platform",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "1.1.0"
},
{
"model": "valleylab exchange",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=3.4"
},
{
"model": "valleylab ft10",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=4.0.0"
},
{
"model": "valleylab fx8",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=1.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab exchange client",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab ft10 energy platform",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab fx8 energy platform",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:medtronic:valleylab_exchange_client",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:valleylab_ft10_energy_platform_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:valleylab_fx8_energy_platform_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
}
]
},
"cve": "CVE-2019-13543",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-13543",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41423",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-13543",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"id": "CVE-2019-13543",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13543",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13543",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2019-13543",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-13543",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-41423",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-441",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. Medtronic Valleylab FT10 and Valleylab FX8 are both a power supply device for the medical industry from Medtronic",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13543"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13543",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSMA-19-311-02",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-41423",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.4211",
"trust": 0.6
},
{
"db": "IVD",
"id": "5265EE01-224F-4B99-AAE3-E9FA05D91A57",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
}
]
},
"id": "VAR-201911-1206",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
}
]
},
"last_update_date": "2025-05-23T23:05:13.321000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.medtronic.com/us-en/index.html"
},
{
"title": "Patch for Valleylab FT10 and Valleylab FX8 Trust Management Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/191115"
},
{
"title": "Medtronic Valleylab FT10 Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105729"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13543"
},
{
"trust": 1.0,
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/valleylab-generator-rfid-vulnerabilities.html"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-311-02"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13543"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4211/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"date": "2019-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-441"
},
{
"date": "2019-11-08T20:15:10.853000",
"db": "NVD",
"id": "CVE-2019-13543"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"date": "2019-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"date": "2020-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-441"
},
{
"date": "2025-05-22T19:15:23.257000",
"db": "NVD",
"id": "CVE-2019-13543"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Medtronic Valleylab Vulnerabilities related to the use of hard-coded credentials in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
],
"trust": 0.6
}
}
VAR-201807-1690
Vulnerability from variot - Updated: 2025-05-23 23:00Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system. 24950 MyCareLink Monitor and 24952 MyCareLink Monitor Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MyCareLinkPatientMonitor is a patient monitor product developed by Medtronic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1690",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "24950 mycarelink monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "24952 mycarelink monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "24952 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24950"
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24952"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "24950 mycarelink monitor",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "24952 mycarelink monitor",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:medtronic:24950_mycarelink_monitor_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:24952_mycarelink_monitor_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
}
]
},
"cve": "CVE-2018-8870",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2018-8870",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-12412",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-138902",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2018-8870",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"id": "CVE-2018-8870",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8870",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2018-8870",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-8870",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-12412",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-181",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138902",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "VULHUB",
"id": "VHN-138902"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system. 24950 MyCareLink Monitor and 24952 MyCareLink Monitor Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MyCareLinkPatientMonitor is a patient monitor product developed by Medtronic",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-138902"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8870",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-179-01",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-12412",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F5EF32-39AB-11E9-B3DF-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-138902",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "VULHUB",
"id": "VHN-138902"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
}
]
},
"id": "VAR-201807-1690",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "VULHUB",
"id": "VHN-138902"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
}
]
},
"last_update_date": "2025-05-23T23:00:43.474000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MyCareLink Patient Monitor",
"trust": 0.8,
"url": "https://www.medtronic.com/uk-en/patients/treatments-therapies/fainting-heart-monitor/mycarelink-patient-monitor.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
},
{
"problemtype": "CWE-259",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138902"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-179-01"
},
{
"trust": 1.0,
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-6-28-18.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8870"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8870"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "VULHUB",
"id": "VHN-138902"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "VULHUB",
"id": "VHN-138902"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-02T00:00:00",
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"date": "2018-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"date": "2018-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-138902"
},
{
"date": "2018-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"date": "2018-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-181"
},
{
"date": "2018-07-03T01:29:01.940000",
"db": "NVD",
"id": "CVE-2018-8870"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138902"
},
{
"date": "2018-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-181"
},
{
"date": "2025-05-22T19:15:22.237000",
"db": "NVD",
"id": "CVE-2018-8870"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "24950 MyCareLink Monitor and 24952 MyCareLink Monitor Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
],
"trust": 0.6
}
}
VAR-201807-1689
Vulnerability from variot - Updated: 2025-05-23 23:00Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit other vulnerabilities to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality. 24950 MyCareLink Monitor and 24952 MyCareLink Monitor Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MyCareLinkPatientMonitor is a patient monitor product developed by Medtronic. MedtronicMyCareLinkPatientMonitor exposes dangerous methods or functional vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1689",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "24950 mycarelink monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "24952 mycarelink monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "24952 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24950"
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24952"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "24950 mycarelink monitor",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "24952 mycarelink monitor",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:medtronic:24950_mycarelink_monitor_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:medtronic:24952_mycarelink_monitor_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
}
]
},
"cve": "CVE-2018-8868",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2018-8868",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-12411",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "e2f61640-39ab-11e9-a331-000c29342cb1",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-138900",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"id": "CVE-2018-8868",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.4,
"id": "CVE-2018-8868",
"impactScore": 5.3,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-8868",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2018-8868",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-8868",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-12411",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-182",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138900",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor\u0027s communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit other vulnerabilities to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality. 24950 MyCareLink Monitor and 24952 MyCareLink Monitor Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MyCareLinkPatientMonitor is a patient monitor product developed by Medtronic. MedtronicMyCareLinkPatientMonitor exposes dangerous methods or functional vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-138900"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8868",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-179-01",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-12411",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F61640-39AB-11E9-A331-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-138900",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
}
]
},
"id": "VAR-201807-1689",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
}
]
},
"last_update_date": "2025-05-23T23:00:43.436000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MyCareLink Patient Monitor",
"trust": 0.8,
"url": "https://www.medtronic.com/uk-en/patients/treatments-therapies/fainting-heart-monitor/mycarelink-patient-monitor.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-749",
"trust": 1.0
},
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-179-01"
},
{
"trust": 1.0,
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-6-28-18.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8868"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8868"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-02T00:00:00",
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"date": "2018-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"date": "2018-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-138900"
},
{
"date": "2018-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"date": "2018-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-182"
},
{
"date": "2018-07-03T01:29:01.877000",
"db": "NVD",
"id": "CVE-2018-8868"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138900"
},
{
"date": "2018-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-182"
},
{
"date": "2025-05-22T19:15:22.013000",
"db": "NVD",
"id": "CVE-2018-8868"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "24950 MyCareLink Monitor and 24952 MyCareLink Monitor Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
],
"trust": 0.6
}
}