Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
86 vulnerabilities by Medtronic
CVE-2025-4397 (GCVE-0-2025-4397)
Vulnerability from nvd – Published: 2026-05-07 15:03 – Updated: 2026-05-07 15:45
VLAI
Title
Medtronic MyCareLink Patient Monitor Data Encryption Weakness
Summary
Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-313 - Cleartext storage in a file or on disk
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < February 25, 2026
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < February 25, 2026
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T15:45:00.819845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:45:18.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "February 25, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "February 25, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
},
{
"lang": "en",
"type": "finder",
"value": "Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data."
}
],
"value": "Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-313",
"description": "CWE-313 Cleartext storage in a file or on disk",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:03:35.674Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-8-7-18.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-219-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Data Encryption Weakness",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4397",
"datePublished": "2026-05-07T15:03:35.674Z",
"dateReserved": "2025-05-06T20:24:40.064Z",
"dateUpdated": "2026-05-07T15:45:18.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4386 (GCVE-0-2025-4386)
Vulnerability from nvd – Published: 2026-05-07 15:00 – Updated: 2026-05-07 15:43
VLAI
Title
Medtronic MyCareLink Patient Monitor Hardware Debug Port
Summary
Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1263 - Improper Physical Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < February 25, 2026
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < February 25, 2026
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T15:43:31.207004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:43:39.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "February 25, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "February 25, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.\u200b"
}
],
"value": "Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.\u200b"
}
],
"impacts": [
{
"capecId": "CAPEC-401",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-401 Physically Hacking Hardware"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1263",
"description": "CWE-1263: Improper Physical Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:00:21.310Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Hardware Debug Port",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4386",
"datePublished": "2026-05-07T15:00:21.310Z",
"dateReserved": "2025-05-06T16:28:04.304Z",
"dateUpdated": "2026-05-07T15:43:39.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12997 (GCVE-0-2025-12997)
Vulnerability from nvd – Published: 2025-12-04 20:04 – Updated: 2025-12-09 19:39
VLAI
Summary
Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | CareLink Network |
Affected:
0 , < December 4, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T19:39:43.231608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T19:39:49.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CareLink Network",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "December 4, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ionut Cernica"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025."
}
],
"value": "Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025."
}
],
"impacts": [
{
"capecId": "CAPEC-261",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:04:26.083Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-12997",
"datePublished": "2025-12-04T20:04:26.083Z",
"dateReserved": "2025-11-11T03:38:47.476Z",
"dateUpdated": "2025-12-09T19:39:49.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12996 (GCVE-0-2025-12996)
Vulnerability from nvd – Published: 2025-12-04 20:04 – Updated: 2025-12-09 18:26
VLAI
Summary
Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
Severity
4.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | CareLink Network |
Affected:
0 , < December 4, 2025
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T18:26:23.372646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T18:26:32.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CareLink Network",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "December 4, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025."
}
],
"value": "Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025."
}
],
"impacts": [
{
"capecId": "CAPEC-215",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-215 Fuzzing for application mapping"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:04:02.695Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-12996",
"datePublished": "2025-12-04T20:04:02.695Z",
"dateReserved": "2025-11-11T03:38:46.667Z",
"dateUpdated": "2025-12-09T18:26:32.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12995 (GCVE-0-2025-12995)
Vulnerability from nvd – Published: 2025-12-04 20:03 – Updated: 2025-12-08 21:08
VLAI
Summary
Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | CareLink Network |
Affected:
0 , < December 4, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T21:08:39.951215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T21:08:48.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CareLink Network",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "December 4, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bernhard Lorenz"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025."
}
],
"value": "Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:03:00.854Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-12995",
"datePublished": "2025-12-04T20:03:00.854Z",
"dateReserved": "2025-11-11T03:38:45.676Z",
"dateUpdated": "2025-12-08T21:08:48.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12994 (GCVE-0-2025-12994)
Vulnerability from nvd – Published: 2025-12-04 20:02 – Updated: 2025-12-08 21:02
VLAI
Summary
Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | CareLink Network |
Affected:
0 , < December 4, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T21:02:40.658602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T21:02:50.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CareLink Network",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "December 4, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bernhard Lorenz"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025."
}
],
"value": "Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025."
}
],
"impacts": [
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575: Account Footprinting"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:02:06.492Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-12994",
"datePublished": "2025-12-04T20:02:06.492Z",
"dateReserved": "2025-11-11T03:38:43.879Z",
"dateUpdated": "2025-12-08T21:02:50.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4393 (GCVE-0-2025-4393)
Vulnerability from nvd – Published: 2025-07-24 03:22 – Updated: 2026-03-27 19:38
VLAI
Title
Medtronic MyCareLink Patient Monitor Deserialization Vulnerability
Summary
Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges.
This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < June 25, 2025
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < June 25, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4393",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T14:33:13.440835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T14:33:18.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
}
],
"value": "Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T19:38:42.742Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Deserialization Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4393",
"datePublished": "2025-07-24T03:22:20.208Z",
"dateReserved": "2025-05-06T20:00:56.804Z",
"dateUpdated": "2026-03-27T19:38:42.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4395 (GCVE-0-2025-4395)
Vulnerability from nvd – Published: 2025-07-24 03:30 – Updated: 2026-03-27 20:10
VLAI
Title
Medtronic MyCareLink Patient Monitor Empty Password Vulnerability
Summary
Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality.
This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-258 - Empty Password in Configuration File
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < June 25, 2025
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < June 25, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T13:18:46.616820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T13:18:56.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
}
],
"value": "Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-258",
"description": "CWE-258 Empty Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T20:10:12.703Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Empty Password Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4395",
"datePublished": "2025-07-24T03:30:24.185Z",
"dateReserved": "2025-05-06T20:01:00.625Z",
"dateUpdated": "2026-03-27T20:10:12.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4394 (GCVE-0-2025-4394)
Vulnerability from nvd – Published: 2025-07-24 03:26 – Updated: 2026-03-27 19:40
VLAI
Title
Medtronic MyCareLink Patient Monitor Unencrypted Filesystem Vulnerability
Summary
Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files.
This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < June 25, 2025
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < June 25, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T13:19:43.967176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T13:19:47.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
}
],
"value": "Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T19:40:02.815Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Unencrypted Filesystem Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4394",
"datePublished": "2025-07-24T03:26:06.706Z",
"dateReserved": "2025-05-06T20:00:59.768Z",
"dateUpdated": "2026-03-27T19:40:02.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4397 (GCVE-0-2025-4397)
Vulnerability from cvelistv5 – Published: 2026-05-07 15:03 – Updated: 2026-05-07 15:45
VLAI
Title
Medtronic MyCareLink Patient Monitor Data Encryption Weakness
Summary
Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-313 - Cleartext storage in a file or on disk
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < February 25, 2026
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < February 25, 2026
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4397",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T15:45:00.819845Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:45:18.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "February 25, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "February 25, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
},
{
"lang": "en",
"type": "finder",
"value": "Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data."
}
],
"value": "Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-313",
"description": "CWE-313 Cleartext storage in a file or on disk",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:03:35.674Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-8-7-18.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-219-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Data Encryption Weakness",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4397",
"datePublished": "2026-05-07T15:03:35.674Z",
"dateReserved": "2025-05-06T20:24:40.064Z",
"dateUpdated": "2026-05-07T15:45:18.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4386 (GCVE-0-2025-4386)
Vulnerability from cvelistv5 – Published: 2026-05-07 15:00 – Updated: 2026-05-07 15:43
VLAI
Title
Medtronic MyCareLink Patient Monitor Hardware Debug Port
Summary
Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-1263 - Improper Physical Access Control
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < February 25, 2026
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < February 25, 2026
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4386",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T15:43:31.207004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:43:39.136Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "February 25, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "February 25, 2026",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.\u200b"
}
],
"value": "Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.\u200b"
}
],
"impacts": [
{
"capecId": "CAPEC-401",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-401 Physically Hacking Hardware"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1263",
"description": "CWE-1263: Improper Physical Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T15:00:21.310Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Hardware Debug Port",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4386",
"datePublished": "2026-05-07T15:00:21.310Z",
"dateReserved": "2025-05-06T16:28:04.304Z",
"dateUpdated": "2026-05-07T15:43:39.136Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12997 (GCVE-0-2025-12997)
Vulnerability from cvelistv5 – Published: 2025-12-04 20:04 – Updated: 2025-12-09 19:39
VLAI
Summary
Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | CareLink Network |
Affected:
0 , < December 4, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12997",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T19:39:43.231608Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T19:39:49.007Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CareLink Network",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "December 4, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ionut Cernica"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025."
}
],
"value": "Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025."
}
],
"impacts": [
{
"capecId": "CAPEC-261",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-261 Fuzzing for garnering other adjacent user/sensitive data"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:04:26.083Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-12997",
"datePublished": "2025-12-04T20:04:26.083Z",
"dateReserved": "2025-11-11T03:38:47.476Z",
"dateUpdated": "2025-12-09T19:39:49.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12996 (GCVE-0-2025-12996)
Vulnerability from cvelistv5 – Published: 2025-12-04 20:04 – Updated: 2025-12-09 18:26
VLAI
Summary
Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
Severity
4.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | CareLink Network |
Affected:
0 , < December 4, 2025
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12996",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T18:26:23.372646Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T18:26:32.483Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CareLink Network",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "December 4, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025."
}
],
"value": "Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025."
}
],
"impacts": [
{
"capecId": "CAPEC-215",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-215 Fuzzing for application mapping"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:04:02.695Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-12996",
"datePublished": "2025-12-04T20:04:02.695Z",
"dateReserved": "2025-11-11T03:38:46.667Z",
"dateUpdated": "2025-12-09T18:26:32.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12995 (GCVE-0-2025-12995)
Vulnerability from cvelistv5 – Published: 2025-12-04 20:03 – Updated: 2025-12-08 21:08
VLAI
Summary
Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-307 - Improper Restriction of Excessive Authentication Attempts
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | CareLink Network |
Affected:
0 , < December 4, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T21:08:39.951215Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T21:08:48.839Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CareLink Network",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "December 4, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bernhard Lorenz"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025."
}
],
"value": "Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025."
}
],
"impacts": [
{
"capecId": "CAPEC-49",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-49 Password Brute Forcing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-307",
"description": "CWE-307 Improper Restriction of Excessive Authentication Attempts",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:03:00.854Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-12995",
"datePublished": "2025-12-04T20:03:00.854Z",
"dateReserved": "2025-11-11T03:38:45.676Z",
"dateUpdated": "2025-12-08T21:08:48.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12994 (GCVE-0-2025-12994)
Vulnerability from cvelistv5 – Published: 2025-12-04 20:02 – Updated: 2025-12-08 21:02
VLAI
Summary
Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | CareLink Network |
Affected:
0 , < December 4, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-08T21:02:40.658602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-08T21:02:50.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "CareLink Network",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "December 4, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bernhard Lorenz"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025."
}
],
"value": "Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025."
}
],
"impacts": [
{
"capecId": "CAPEC-575",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-575: Account Footprinting"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "CWE-204 Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-04T20:02:06.492Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/carelink-network-vulnerabilities.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-12994",
"datePublished": "2025-12-04T20:02:06.492Z",
"dateReserved": "2025-11-11T03:38:43.879Z",
"dateUpdated": "2025-12-08T21:02:50.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4395 (GCVE-0-2025-4395)
Vulnerability from cvelistv5 – Published: 2025-07-24 03:30 – Updated: 2026-03-27 20:10
VLAI
Title
Medtronic MyCareLink Patient Monitor Empty Password Vulnerability
Summary
Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality.
This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-258 - Empty Password in Configuration File
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < June 25, 2025
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < June 25, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4395",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T13:18:46.616820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T13:18:56.146Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
}
],
"value": "Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-258",
"description": "CWE-258 Empty Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T20:10:12.703Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Empty Password Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4395",
"datePublished": "2025-07-24T03:30:24.185Z",
"dateReserved": "2025-05-06T20:01:00.625Z",
"dateUpdated": "2026-03-27T20:10:12.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4394 (GCVE-0-2025-4394)
Vulnerability from cvelistv5 – Published: 2025-07-24 03:26 – Updated: 2026-03-27 19:40
VLAI
Title
Medtronic MyCareLink Patient Monitor Unencrypted Filesystem Vulnerability
Summary
Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files.
This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-312 - Cleartext Storage of Sensitive Information
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < June 25, 2025
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < June 25, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4394",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T13:19:43.967176Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T13:19:47.565Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
}
],
"value": "Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T19:40:02.815Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Unencrypted Filesystem Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4394",
"datePublished": "2025-07-24T03:26:06.706Z",
"dateReserved": "2025-05-06T20:00:59.768Z",
"dateUpdated": "2026-03-27T19:40:02.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-4393 (GCVE-0-2025-4393)
Vulnerability from cvelistv5 – Published: 2025-07-24 03:22 – Updated: 2026-03-27 19:38
VLAI
Title
Medtronic MyCareLink Patient Monitor Deserialization Vulnerability
Summary
Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges.
This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.medtronic.com/en-us/e/product-securit… | vendor-advisory |
| https://www.cisa.gov/news-events/ics-medical-advi… | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Medtronic | MyCareLink Patient Monitor 24950 |
Affected:
0 , < June 25, 2025
(custom)
|
|
| Medtronic | MyCareLink Patient Monitor 24952 |
Affected:
0 , < June 25, 2025
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4393",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T14:33:13.440835Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-24T14:33:18.381Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24950",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MyCareLink Patient Monitor 24952",
"vendor": "Medtronic",
"versions": [
{
"lessThan": "June 25, 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ethan Morchy, with Somerset Recon"
},
{
"lang": "en",
"type": "finder",
"value": "Carl Mann, independent researcher"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. \u003cbr\u003e\u003cbr\u003eThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025\u003cbr\u003e"
}
],
"value": "Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. \n\nThis issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T19:38:42.742Z",
"orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"shortName": "Medtronic"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/mycarelink-patient-monitor-vulnerabilities.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-205-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Medtronic MyCareLink Patient Monitor Deserialization Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
"assignerShortName": "Medtronic",
"cveId": "CVE-2025-4393",
"datePublished": "2025-07-24T03:22:20.208Z",
"dateReserved": "2025-05-06T20:00:56.804Z",
"dateUpdated": "2026-03-27T19:38:42.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-201906-1020
Vulnerability from variot - Updated: 2023-12-18 13:52In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, Versions, MiniMed 508 pump – All versions, MiniMed Paradigm 511 pump – All versions, MiniMed Paradigm 512/712 pumps – All versions, MiniMed Paradigm 712E pump–All versions, MiniMed Paradigm 515/715 pumps–All versions, MiniMed Paradigm 522/722 pumps – All versions,MiniMed Paradigm 522K/722K pumps – All versions, MiniMed Paradigm 523/723 pumps – Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps – Software, versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps – Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only – Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. plural Medtronic Minimed The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Medtronic Products are prone to an security-bypass vulnerability. Successful exploits may allow an attacker to bypass certain security restrictions and to perform unauthorized actions; this may aid in launching further attacks. Medtronic MiniMed 508 pump and others are insulin pumps from Medtronic. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-1020",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "minimed paradigm 722k",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 723",
"scope": "lte",
"trust": 1.0,
"vendor": "medtronic",
"version": "2.4a"
},
{
"model": "minimed paradigm 722",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 512",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 712e",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 523",
"scope": "lte",
"trust": 1.0,
"vendor": "medtronic",
"version": "2.4a"
},
{
"model": "minimed paradigm 712",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 511",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed 508",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 723k",
"scope": "lte",
"trust": 1.0,
"vendor": "medtronic",
"version": "2.4a"
},
{
"model": "minimed paradigm veo 554cm",
"scope": "lte",
"trust": 1.0,
"vendor": "medtronic",
"version": "2.7a"
},
{
"model": "minimed paradigm veo 754",
"scope": "lte",
"trust": 1.0,
"vendor": "medtronic",
"version": "2.6a"
},
{
"model": "minimed paradigm veo 754cm",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 715",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 515",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 522",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 522k",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm veo 554",
"scope": "lte",
"trust": 1.0,
"vendor": "medtronic",
"version": "2.6a"
},
{
"model": "minimed paradigm 523k",
"scope": "lte",
"trust": 1.0,
"vendor": "medtronic",
"version": "2.4a"
},
{
"model": "minimed 508",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 511",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 512",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 515",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 522",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 522k",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 712",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 712e",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 715",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 722",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm veo 554cm and 754cm models 2.7a",
"scope": null,
"trust": 0.3,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm veo pumps 2.6a",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "554/754"
},
{
"model": "minimed paradigm 712e pump",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "minimed paradigm 523k/723k pumps 2.4a",
"scope": null,
"trust": 0.3,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm pumps 2.4a",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "523/723"
},
{
"model": "minimed paradigm 522k/722k pumps",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "minimed paradigm pumps",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "522/7220"
},
{
"model": "minimed paradigm pumps",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "515/7150"
},
{
"model": "minimed paradigm pumps",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "512/7120"
},
{
"model": "minimed paradigm pump",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "5110"
},
{
"model": "minimed pump",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "5080"
}
],
"sources": [
{
"db": "BID",
"id": "108926"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"db": "NVD",
"id": "CVE-2019-10964"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_508_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_508:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_511_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_511:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_512_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_512:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_712_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_712:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_712e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_712e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_515_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_515:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_715_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_715:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_522_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_522:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_722_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_722:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_522k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_522k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_722k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_722k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_523_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_523:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_723_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_723:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_523k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_523k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_723k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_723k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_veo_554_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.6a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_veo_554:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_veo_754_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.6a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_veo_754:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_veo_554cm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.7a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_veo_554cm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.7a",
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_veo_754cm_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_veo_754cm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10964"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nathanael Paul, Jay Radcliffe, Barnaby Jack, Jonathan Butts and Jesse Young, Billy Rios, Medtronic., Jonathan Butts, and Jesse Young",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10964",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-10964",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-142563",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10964",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10964",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-1080",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142563",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142563"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"db": "NVD",
"id": "CVE-2019-10964"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, Versions, MiniMed 508 pump \u2013 All versions, MiniMed Paradigm 511 pump \u2013 All versions, MiniMed Paradigm 512/712 pumps \u2013 All versions, MiniMed Paradigm 712E pump\u2013All versions, MiniMed Paradigm 515/715 pumps\u2013All versions, MiniMed Paradigm 522/722 pumps \u2013 All versions,MiniMed Paradigm 522K/722K pumps \u2013 All versions, MiniMed Paradigm 523/723 pumps \u2013 Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps \u2013 Software, versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps \u2013 Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only \u2013 Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. plural Medtronic Minimed The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Medtronic Products are prone to an security-bypass vulnerability. \nSuccessful exploits may allow an attacker to bypass certain security restrictions and to perform unauthorized actions; this may aid in launching further attacks. Medtronic MiniMed 508 pump and others are insulin pumps from Medtronic. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10964"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"db": "BID",
"id": "108926"
},
{
"db": "VULHUB",
"id": "VHN-142563"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10964",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSMA-19-178-01",
"trust": 2.8
},
{
"db": "BID",
"id": "108926",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006089",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1080",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2351",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-142563",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142563"
},
{
"db": "BID",
"id": "108926"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"db": "NVD",
"id": "CVE-2019-10964"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
]
},
"id": "VAR-201906-1020",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-142563"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:52:16.963000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.medtronicdiabetes.com/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
},
{
"problemtype": "CWE-863",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142563"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"db": "NVD",
"id": "CVE-2019-10964"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-178-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108926"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10964"
},
{
"trust": 0.9,
"url": "https://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/medtronic_security_bulletin_diabetes_paradigm_062719_final.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10964"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2351/"
},
{
"trust": 0.3,
"url": "https://www.medtronic.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142563"
},
{
"db": "BID",
"id": "108926"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"db": "NVD",
"id": "CVE-2019-10964"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-142563"
},
{
"db": "BID",
"id": "108926"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"db": "NVD",
"id": "CVE-2019-10964"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-142563"
},
{
"date": "2019-06-27T00:00:00",
"db": "BID",
"id": "108926"
},
{
"date": "2019-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"date": "2019-06-28T21:15:11.007000",
"db": "NVD",
"id": "CVE-2019-10964"
},
{
"date": "2019-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-142563"
},
{
"date": "2019-06-27T00:00:00",
"db": "BID",
"id": "108926"
},
{
"date": "2019-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-10964"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Medtronic Minimed Access control vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
],
"trust": 0.6
}
}
VAR-201807-1690
Vulnerability from variot - Updated: 2023-12-18 13:19Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system. 24950 MyCareLink Monitor and 24952 MyCareLink Monitor Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1690",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "24952 mycarelink monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "24952 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24950"
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24952"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "24950 mycarelink monitor",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "24952 mycarelink monitor",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:24950_mycarelink_monitor_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:24950_mycarelink_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:24952_mycarelink_monitor_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:24952_mycarelink_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8870"
}
]
},
"cve": "CVE-2018-8870",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-8870",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-12412",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-138902",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-8870",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8870",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-12412",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-181",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138902",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "VULHUB",
"id": "VHN-138902"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system. 24950 MyCareLink Monitor and 24952 MyCareLink Monitor Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-138902"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8870",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-179-01",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-12412",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F5EF32-39AB-11E9-B3DF-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-138902",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "VULHUB",
"id": "VHN-138902"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
]
},
"id": "VAR-201807-1690",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "VULHUB",
"id": "VHN-138902"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
}
]
},
"last_update_date": "2023-12-18T13:19:01.343000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MyCareLink Patient Monitor",
"trust": 0.8,
"url": "https://www.medtronic.com/uk-en/patients/treatments-therapies/fainting-heart-monitor/mycarelink-patient-monitor.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138902"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-179-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8870"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8870"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "VULHUB",
"id": "VHN-138902"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"db": "VULHUB",
"id": "VHN-138902"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-02T00:00:00",
"db": "IVD",
"id": "e2f5ef32-39ab-11e9-b3df-000c29342cb1"
},
{
"date": "2018-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"date": "2018-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-138902"
},
{
"date": "2018-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"date": "2018-07-03T01:29:01.940000",
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"date": "2018-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12412"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138902"
},
{
"date": "2018-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007256"
},
{
"date": "2019-10-09T23:42:59.847000",
"db": "NVD",
"id": "CVE-2018-8870"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "24950 MyCareLink Monitor and 24952 MyCareLink Monitor Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007256"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-181"
}
],
"trust": 0.6
}
}
VAR-201807-1689
Vulnerability from variot - Updated: 2023-12-18 13:19Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality. 24950 MyCareLink Monitor and 24952 MyCareLink Monitor Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MyCareLinkPatientMonitor is a patient monitor product developed by Medtronic. MedtronicMyCareLinkPatientMonitor exposes dangerous methods or functional vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1689",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "24952 mycarelink monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "24952 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24950"
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24952"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "24950 mycarelink monitor",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "24952 mycarelink monitor",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:24950_mycarelink_monitor_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:24950_mycarelink_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:24952_mycarelink_monitor_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:24952_mycarelink_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8868"
}
]
},
"cve": "CVE-2018-8868",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-8868",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-12411",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "e2f61640-39ab-11e9-a331-000c29342cb1",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-138900",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.4,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-8868",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8868",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-12411",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-182",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138900",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor\u0027s communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality. 24950 MyCareLink Monitor and 24952 MyCareLink Monitor Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MyCareLinkPatientMonitor is a patient monitor product developed by Medtronic. MedtronicMyCareLinkPatientMonitor exposes dangerous methods or functional vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-138900"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8868",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-179-01",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-12411",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F61640-39AB-11E9-A331-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-138900",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"id": "VAR-201807-1689",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
}
]
},
"last_update_date": "2023-12-18T13:19:01.310000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MyCareLink Patient Monitor",
"trust": 0.8,
"url": "https://www.medtronic.com/uk-en/patients/treatments-therapies/fainting-heart-monitor/mycarelink-patient-monitor.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-179-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8868"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8868"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"db": "VULHUB",
"id": "VHN-138900"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-02T00:00:00",
"db": "IVD",
"id": "e2f61640-39ab-11e9-a331-000c29342cb1"
},
{
"date": "2018-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"date": "2018-07-03T00:00:00",
"db": "VULHUB",
"id": "VHN-138900"
},
{
"date": "2018-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"date": "2018-07-03T01:29:01.877000",
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"date": "2018-07-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12411"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138900"
},
{
"date": "2018-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007255"
},
{
"date": "2019-10-09T23:42:59.550000",
"db": "NVD",
"id": "CVE-2018-8868"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "24950 MyCareLink Monitor and 24952 MyCareLink Monitor Access control vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007255"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-182"
}
],
"trust": 0.6
}
}
VAR-201911-1205
Vulnerability from variot - Updated: 2023-12-18 12:50Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes. Medtronic Valleylab FT10 and Valleylab FX8 are both a power supply device for the medical industry from Medtronic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1205",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "valleylab exchange client",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "3.4"
},
{
"model": "valleylab ft10 energy platform",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "4.0.0"
},
{
"model": "valleylab fx8 energy platform",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "1.1.0"
},
{
"model": "valleylab exchange",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=3.4"
},
{
"model": "valleylab ft10",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=4.0.0"
},
{
"model": "valleylab fx8",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=1.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab exchange client",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab ft10 energy platform",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab fx8 energy platform",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:medtronic:valleylab_exchange_client:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:valleylab_ft10_energy_platform:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:valleylab_fx8_energy_platform_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:valleylab_fx8_energy_platform:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13539"
}
]
},
"cve": "CVE-2019-13539",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-13539",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2019-41424",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13539",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13539",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-41424",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-432",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing. While interactive, network-based logons are disabled, and attackers can use the other vulnerabilities within this report to obtain local shell access and access these hashes. Medtronic Valleylab FT10 and Valleylab FX8 are both a power supply device for the medical industry from Medtronic",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13539"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13539",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSMA-19-311-02",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-41424",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.4211",
"trust": 0.6
},
{
"db": "IVD",
"id": "A983492D-DC48-4E04-9CD7-E50F961E4F75",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
]
},
"id": "VAR-201911-1205",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
}
]
},
"last_update_date": "2023-12-18T12:50:26.397000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.medtronic.com/us-en/index.html"
},
{
"title": "Patch for Valleylab FT10 and Valleylab FX8 Input Validation Error Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/191117"
},
{
"title": "Medtronic Valleylab FT10 Enter the fix for the verification error vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=102695"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13539"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13539"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4211/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"db": "NVD",
"id": "CVE-2019-13539"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "IVD",
"id": "a983492d-dc48-4e04-9cd7-e50f961e4f75"
},
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"date": "2019-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"date": "2019-11-08T20:15:10.743000",
"db": "NVD",
"id": "CVE-2019-13539"
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41424"
},
{
"date": "2019-11-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011886"
},
{
"date": "2020-10-09T13:11:28.173000",
"db": "NVD",
"id": "CVE-2019-13539"
},
{
"date": "2020-10-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Medtronic Valleylab Vulnerability related to input validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011886"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-432"
}
],
"trust": 0.6
}
}
VAR-201911-1206
Vulnerability from variot - Updated: 2023-12-18 12:50Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. Medtronic Valleylab FT10 and Valleylab FX8 are both a power supply device for the medical industry from Medtronic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1206",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "valleylab exchange client",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "3.4"
},
{
"model": "valleylab ft10 energy platform",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "4.0.0"
},
{
"model": "valleylab fx8 energy platform",
"scope": "lte",
"trust": 1.8,
"vendor": "medtronic",
"version": "1.1.0"
},
{
"model": "valleylab exchange",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=3.4"
},
{
"model": "valleylab ft10",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=4.0.0"
},
{
"model": "valleylab fx8",
"scope": "lte",
"trust": 0.6,
"vendor": "medtronic",
"version": "\u003c=1.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab exchange client",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab ft10 energy platform",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "valleylab fx8 energy platform",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:medtronic:valleylab_exchange_client:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:valleylab_ft10_energy_platform_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:valleylab_ft10_energy_platform:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:valleylab_fx8_energy_platform_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.1.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:valleylab_fx8_energy_platform:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13543"
}
]
},
"cve": "CVE-2019-13543",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-13543",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41423",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13543",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13543",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-41423",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-441",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device. Medtronic Valleylab FT10 and Valleylab FX8 are both a power supply device for the medical industry from Medtronic",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13543"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13543",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSMA-19-311-02",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2019-41423",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.4211",
"trust": 0.6
},
{
"db": "IVD",
"id": "5265EE01-224F-4B99-AAE3-E9FA05D91A57",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
]
},
"id": "VAR-201911-1206",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
}
]
},
"last_update_date": "2023-12-18T12:50:26.368000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.medtronic.com/us-en/index.html"
},
{
"title": "Patch for Valleylab FT10 and Valleylab FX8 Trust Management Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/191115"
},
{
"title": "Medtronic Valleylab FT10 Repair measures for trust management problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105729"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-311-02"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13543"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13543"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.4211/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"db": "NVD",
"id": "CVE-2019-13543"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "IVD",
"id": "5265ee01-224f-4b99-aae3-e9fa05d91a57"
},
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"date": "2019-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"date": "2019-11-08T20:15:10.853000",
"db": "NVD",
"id": "CVE-2019-13543"
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41423"
},
{
"date": "2019-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011837"
},
{
"date": "2019-11-13T21:07:34.660000",
"db": "NVD",
"id": "CVE-2019-13543"
},
{
"date": "2020-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Medtronic Valleylab Vulnerabilities related to the use of hard-coded credentials in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011837"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-441"
}
],
"trust": 0.6
}
}
VAR-201903-1617
Vulnerability from variot - Updated: 2023-12-18 12:43The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data. plural Medtronic The product contains cryptographic vulnerabilities.Information may be obtained. MyCareLink Monitor and others are products developed by Medtronic. An access control error vulnerability exists in several Medtronic products that stems from the failure of the Conexus telemetry protocol to perform cryptographic operations that an attacker can use to intercept communications (including sensitive information transmitted). Medtronic Conexus Radio Frequency Telemetry Protocol is prone to multiple security vulnerabilities. An attacker can exploit this issue to gain access to sensitive information and bypass the security mechanism and gain unauthorized access. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1617",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "carelink monitor 2490c",
"scope": null,
"trust": 1.7,
"vendor": "medtronic",
"version": null
},
{
"model": "amplia crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "consulta crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto ii crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "compia crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "claria crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink monitor 24952",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "viva crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "consulta crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink monitor 2490c",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto ii crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "amplia crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "primo icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "claria crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "evera icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "nayamed nd icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "compia crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "mirro icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink 2090",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink monitor 24950",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso ii icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "visia af icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "secura icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "24952 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink 2090",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink programmer",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "2090"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24950"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24952"
},
{
"model": "primo icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta crt-d",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "secura icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso ii icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "visia af icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "viva crt-d",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "nayamed nd icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "mirro icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii crt-d",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "evera icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "viva crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "visia af icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "virtuoso ii icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "virtuoso icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "secura icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "protecta icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "protecta crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "primo icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "mirro icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "maximo ii crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "maximo icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "evera icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "consulta crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "concerto ii crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "concerto crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "compia crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "claria crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "carelink programmer",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "20900"
},
{
"model": "amplia crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "249520"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "249500"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mycarelink monitor 24950",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "consulta crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "evera icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "maximo ii crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "maximo ii icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mirro icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "nayamed nd icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "primo icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "protecta icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "protecta crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "secura icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mycarelink monitor 24952",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "virtuoso icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "virtuoso ii icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "visia af icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "viva crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "carelink monitor 2490c",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "carelink 2090",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "amplia crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "claria crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "compia crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "concerto crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "concerto ii crt d",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:mycarelink_monitor_24950_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:mycarelink_monitor_24950:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:mycarelink_monitor_24952_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:mycarelink_monitor_24952:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:carelink_monitor_2490c_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:carelink_monitor_2490c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:carelink_2090_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:carelink_2090:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:amplia_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:amplia_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:claria_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:claria_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:compia_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:compia_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:concerto_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:concerto_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:concerto_ii_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:concerto_ii_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:consulta_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:consulta_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:evera_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:evera_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:maximo_ii_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:maximo_ii_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:maximo_ii_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:maximo_ii_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:mirro_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:mirro_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:nayamed_nd_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:nayamed_nd_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:primo_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:primo_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:protecta_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:protecta_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:protecta_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:protecta_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:secura_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:secura_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:virtuoso_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:virtuoso_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:virtuoso_ii_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:virtuoso_ii_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:visia_af_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:visia_af_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:viva_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:viva_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6540"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "currently with University of Birmingham; Flavio D. Garcia; Tom Chothia of the University of Birmingham; and Rik Willems of University Hospital Gasthuisberg Leuven reported these vulnerabilities to NCCIC.,Peter Morgan of Clever Security; Dave Singel\u00e9e and Bart Preneel of KU Leuven; Eduard Marin formerly of KU Leuven, currently with University of Birmingham; Flavio D. Garcia; Tom Chothia of the University of Birmingham; and Rik Willems of University Hospital Gasthuisberg Leuven, currently with University of Birmingham; Flavio D. Garcia; Tom Chothia of the University of Birmingham; and Rik Willems of University Hospita,Peter Morgan of Clever Security; Dave Singel\u00c3\u00a9e and Bart Preneel of KU Leuven; Eduard Marin formerly of KU Leuven",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6540",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-6540",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-09066",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-157975",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6540",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6540",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-09066",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-831",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-157975",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "VULHUB",
"id": "VHN-157975"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data. plural Medtronic The product contains cryptographic vulnerabilities.Information may be obtained. MyCareLink Monitor and others are products developed by Medtronic. An access control error vulnerability exists in several Medtronic products that stems from the failure of the Conexus telemetry protocol to perform cryptographic operations that an attacker can use to intercept communications (including sensitive information transmitted). Medtronic Conexus Radio Frequency Telemetry Protocol is prone to multiple security vulnerabilities. \nAn attacker can exploit this issue to gain access to sensitive information and bypass the security mechanism and gain unauthorized access. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6540"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "VULHUB",
"id": "VHN-157975"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6540",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSMA-19-080-01",
"trust": 3.4
},
{
"db": "BID",
"id": "107544",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-831",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-09066",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0950.2",
"trust": 0.6
},
{
"db": "IVD",
"id": "1E9DAD07-7958-4810-AC1E-1CB019C0C368",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-157975",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "VULHUB",
"id": "VHN-157975"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
]
},
"id": "VAR-201903-1617",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "VULHUB",
"id": "VHN-157975"
}
],
"trust": 1.5959183690476189
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
}
]
},
"last_update_date": "2023-12-18T12:43:35.573000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.medtronic.com/us-en/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157975"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-19-080-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/107544"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6540"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6540"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.0950.2/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-19-080-01"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-080-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77634"
},
{
"trust": 0.3,
"url": "http://www.medtronic.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "VULHUB",
"id": "VHN-157975"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"db": "VULHUB",
"id": "VHN-157975"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"db": "NVD",
"id": "CVE-2019-6540"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-04T00:00:00",
"db": "IVD",
"id": "1e9dad07-7958-4810-ac1e-1cb019c0c368"
},
{
"date": "2019-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"date": "2019-03-26T00:00:00",
"db": "VULHUB",
"id": "VHN-157975"
},
{
"date": "2019-03-21T00:00:00",
"db": "BID",
"id": "107544"
},
{
"date": "2019-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"date": "2019-03-26T18:29:01.060000",
"db": "NVD",
"id": "CVE-2019-6540"
},
{
"date": "2019-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-09066"
},
{
"date": "2021-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-157975"
},
{
"date": "2019-03-21T00:00:00",
"db": "BID",
"id": "107544"
},
{
"date": "2019-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003225"
},
{
"date": "2021-11-03T18:57:30.320000",
"db": "NVD",
"id": "CVE-2019-6540"
},
{
"date": "2021-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Medtronic Cryptographic vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003225"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-831"
}
],
"trust": 0.6
}
}
VAR-201903-0181
Vulnerability from variot - Updated: 2023-12-18 12:43The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product’s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device. plural Medtronic The product contains an access control vulnerability.Information may be tampered with. MyCareLink Monitor and others are products developed by Medtronic. Medtronic Conexus Radio Frequency Telemetry Protocol is prone to multiple security vulnerabilities. An attacker can exploit this issue to gain access to sensitive information and bypass the security mechanism and gain unauthorized access. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0181",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 2.4,
"vendor": "medtronic",
"version": "24950"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 2.4,
"vendor": "medtronic",
"version": "24952"
},
{
"model": "carelink monitor",
"scope": "eq",
"trust": 1.8,
"vendor": "medtronic",
"version": "2490c"
},
{
"model": "evera icd",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "consulta crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto ii crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "compia crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "claria crt-d",
"scope": null,
"trust": 1.4,
"vendor": "medtronic",
"version": null
},
{
"model": "viva crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "consulta crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto ii crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "amplia crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "primo icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "claria crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "evera icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "nayamed nd icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii crt-d and lcd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "compia crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "mirro icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink 2090",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta icd and crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "visia af icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso ii icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "concerto crt-d",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "secura icd",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink monitor 2490c",
"scope": null,
"trust": 0.9,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink 2090",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii crt-d and lcd",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "carelink programmer",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "2090"
},
{
"model": "primo icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "protecta crt-d",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "secura icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "virtuoso ii icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "visia af icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "viva crt-d",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "amplia crt-d",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "nayamed nd icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "mirro icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii icd",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "maximo ii crt-d",
"scope": null,
"trust": 0.6,
"vendor": "medtronic",
"version": null
},
{
"model": "viva crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "visia af icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "virtuoso ii icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "virtuoso icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "secura icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "protecta icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "protecta crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "primo icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "mirro icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "maximo ii crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "maximo icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "evera icd",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "consulta crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "concerto ii crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "concerto crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "compia crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "claria crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "carelink programmer",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "20900"
},
{
"model": "amplia crt-d",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "249520"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "249500"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mycarelink monitor",
"version": "24950"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mycarelink monitor",
"version": "24952"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "evera icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "maximo ii crt d and lcd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mirro icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "nayamed nd icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "primo icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "protecta icd and crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "secura icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "virtuoso icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "virtuoso ii icd",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "visia af icd",
"version": null
},
{
"model": "2490c",
"scope": null,
"trust": 0.2,
"vendor": "carelink monitor",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "viva crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "carelink 2090",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "amplia crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "claria crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "compia crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "concerto crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "concerto ii crt d",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "consulta crt d",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"db": "NVD",
"id": "CVE-2019-6538"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:mycarelink_monitor_firmware:24952:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:medtronic:mycarelink_monitor_firmware:24950:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:mycarelink_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:carelink_monitor_firmware:2490c:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:carelink_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:carelink_2090_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:carelink_2090:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:amplia_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:amplia_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:claria_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:claria_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:compia_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:compia_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:concerto_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:concerto_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:concerto_ii_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:concerto_ii_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:consulta_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:consulta_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:evera_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:evera_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:maximo_ii_crt-d_and_lcd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:maximo_ii_crt-d_and_lcd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:mirro_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:mirro_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:nayamed_nd_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:nayamed_nd_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:primo_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:primo_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:protecta_icd_and_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:protecta_icd_and_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:secura_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:secura_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:virtuoso_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:virtuoso_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:virtuoso_ii_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:virtuoso_ii_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:visia_af_icd_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:visia_af_icd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:viva_crt-d_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:viva_crt-d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6538"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "currently with University of Birmingham; Flavio D. Garcia; Tom Chothia of the University of Birmingham; and Rik Willems of University Hospital Gasthuisberg Leuven reported these vulnerabilities to NCCIC.,Peter Morgan of Clever Security; Dave SingelA?e and Bart Preneel of KU Leuven; Eduard Marin formerly of KU Leuven,Peter Morgan of Clever Security; Dave Singel\u00e9e and Bart Preneel of KU Leuven; Eduard Marin formerly of KU Leuven, currently with University of Birmingham; Flavio D. Garcia; Tom Chothia of the University of Birmingham; and Rik Willems of University Hospita,Peter Morgan of Clever Security; Dave Singel??e and Bart Preneel of KU Leuven; Eduard Marin formerly of KU Leuven",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-836"
}
],
"trust": 0.6
},
"cve": "CVE-2019-6538",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6538",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-09067",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "c60800b1-5282-4def-ab94-14b4a596d36e",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-157973",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-6538",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6538",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-09067",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-836",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-157973",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"db": "VULHUB",
"id": "VHN-157973"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"db": "NVD",
"id": "CVE-2019-6538"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-836"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product\u2019s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device. plural Medtronic The product contains an access control vulnerability.Information may be tampered with. MyCareLink Monitor and others are products developed by Medtronic. Medtronic Conexus Radio Frequency Telemetry Protocol is prone to multiple security vulnerabilities. \nAn attacker can exploit this issue to gain access to sensitive information and bypass the security mechanism and gain unauthorized access. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6538"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"db": "VULHUB",
"id": "VHN-157973"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6538",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSMA-19-080-01",
"trust": 3.4
},
{
"db": "BID",
"id": "107544",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-836",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-09067",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003087",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.0950.2",
"trust": 0.6
},
{
"db": "IVD",
"id": "C60800B1-5282-4DEF-AB94-14B4A596D36E",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-157973",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"db": "VULHUB",
"id": "VHN-157973"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"db": "NVD",
"id": "CVE-2019-6538"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-836"
}
]
},
"id": "VAR-201903-0181",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"db": "VULHUB",
"id": "VHN-157973"
}
],
"trust": 1.5959183690476189
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09067"
}
]
},
"last_update_date": "2023-12-18T12:43:35.533000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.medtronicdiabetes.com/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-862",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-157973"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"db": "NVD",
"id": "CVE-2019-6538"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-19-080-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/107544"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6538"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6538"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.0950.2/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-19-080-01"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-080-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77634"
},
{
"trust": 0.3,
"url": "http://www.medtronic.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"db": "VULHUB",
"id": "VHN-157973"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"db": "NVD",
"id": "CVE-2019-6538"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-836"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"db": "VULHUB",
"id": "VHN-157973"
},
{
"db": "BID",
"id": "107544"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"db": "NVD",
"id": "CVE-2019-6538"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-836"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-04T00:00:00",
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"date": "2019-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"date": "2019-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-157973"
},
{
"date": "2019-03-21T00:00:00",
"db": "BID",
"id": "107544"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"date": "2019-03-25T22:29:00.763000",
"db": "NVD",
"id": "CVE-2019-6538"
},
{
"date": "2019-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-836"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-09067"
},
{
"date": "2020-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-157973"
},
{
"date": "2019-03-21T00:00:00",
"db": "BID",
"id": "107544"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-003087"
},
{
"date": "2020-10-06T13:19:18.203000",
"db": "NVD",
"id": "CVE-2019-6538"
},
{
"date": "2021-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-836"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-836"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Medtronic Access control vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-003087"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access control error",
"sources": [
{
"db": "IVD",
"id": "c60800b1-5282-4def-ab94-14b4a596d36e"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-836"
}
],
"trust": 0.8
}
}
VAR-201808-0370
Vulnerability from variot - Updated: 2023-12-18 12:36Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the "easy bolus" and "remote bolus" options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery. plural Medtronic The product contains authentication vulnerabilities.Information may be tampered with. MedtronicMMT-508MiniMedinsulinpump and other are different types of insulin pumps from Medtronic Corporation of the United States. Multiple Medtronic Isulin Pumps are prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. Attackers may exploit these issues to gain unauthorized access to the affected device or to obtain sensitive information that may aid in launching further attacks. An authorization issue vulnerability exists in several Medtronic products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0370",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "minimed 530g",
"scope": null,
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "508 minimed insulin pump",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronicdiabetes",
"version": null
},
{
"model": "722 paradigm real-time",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronicdiabetes",
"version": null
},
{
"model": "751 minimed 530g",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronicdiabetes",
"version": null
},
{
"model": "523k paradigm revel",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronicdiabetes",
"version": null
},
{
"model": "723k paradigm revel",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronicdiabetes",
"version": null
},
{
"model": "523 paradigm revel",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronicdiabetes",
"version": null
},
{
"model": "522 paradigm real-time",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronicdiabetes",
"version": null
},
{
"model": "551 minimed 530g",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronicdiabetes",
"version": null
},
{
"model": "723 paradigm revel",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronicdiabetes",
"version": null
},
{
"model": "minimed paradigm 508 insulin pump",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm real-time 522 insulin pump",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm real-time 722 insulin pump",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm revel 523",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm revel 523k",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm revel 723",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm revel 723k",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "mmt mmt minimed 530g",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "-551/-751"
},
{
"model": "mmt 523k mmt 723k paradigm revel",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "-/-"
},
{
"model": "mmt mmt paradigm revel",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "-523/-723"
},
{
"model": "mmt mmt paradigm real-time",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "-522/-722"
},
{
"model": "mmt minimed insulin pump",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "-508"
},
{
"model": "mmt mmt minimed 530g",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "-551/-7510"
},
{
"model": "mmt 523k mmt 723k paradigm revel",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "-/-0"
},
{
"model": "mmt mmt paradigm revel",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "-523/-7230"
},
{
"model": "mmt mmt paradigm real-time",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "-522/-7220"
},
{
"model": "mmt minimed insulin pump",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "-5080"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19605"
},
{
"db": "BID",
"id": "105044"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009527"
},
{
"db": "NVD",
"id": "CVE-2018-14781"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-307"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronicdiabetes:508_minimed_insulin_pump_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronicdiabetes:508_minimed_insulin_pump:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronicdiabetes:522_paradigm_real-time_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronicdiabetes:522_paradigm_real-time:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronicdiabetes:722_paradigm_real-time_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronicdiabetes:722_paradigm_real-time:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronicdiabetes:523_paradigm_revel_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronicdiabetes:523_paradigm_revel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronicdiabetes:723_paradigm_revel_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronicdiabetes:723_paradigm_revel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronicdiabetes:523k_paradigm_revel_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronicdiabetes:523k_paradigm_revel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronicdiabetes:723k_paradigm_revel_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronicdiabetes:723k_paradigm_revel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronicdiabetes:551_minimed_530g_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronicdiabetes:551_minimed_530g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronicdiabetes:751_minimed_530g_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronicdiabetes:751_minimed_530g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14781"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC",
"sources": [
{
"db": "BID",
"id": "105044"
}
],
"trust": 0.3
},
"cve": "CVE-2018-14781",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.9,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-14781",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2018-19605",
"impactScore": 6.9,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.5,
"id": "VHN-124975",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-14781",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-14781",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-19605",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-307",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-124975",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2018-14781",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19605"
},
{
"db": "VULHUB",
"id": "VHN-124975"
},
{
"db": "VULMON",
"id": "CVE-2018-14781"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009527"
},
{
"db": "NVD",
"id": "CVE-2018-14781"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-307"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the \"easy bolus\" and \"remote bolus\" options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery. plural Medtronic The product contains authentication vulnerabilities.Information may be tampered with. MedtronicMMT-508MiniMedinsulinpump and other are different types of insulin pumps from Medtronic Corporation of the United States. Multiple Medtronic Isulin Pumps are prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. \nAttackers may exploit these issues to gain unauthorized access to the affected device or to obtain sensitive information that may aid in launching further attacks. An authorization issue vulnerability exists in several Medtronic products",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14781"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009527"
},
{
"db": "CNVD",
"id": "CNVD-2018-19605"
},
{
"db": "BID",
"id": "105044"
},
{
"db": "VULHUB",
"id": "VHN-124975"
},
{
"db": "VULMON",
"id": "CVE-2018-14781"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14781",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSMA-18-219-02",
"trust": 3.5
},
{
"db": "BID",
"id": "105044",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009527",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-307",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-19605",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-124975",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-14781",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19605"
},
{
"db": "VULHUB",
"id": "VHN-124975"
},
{
"db": "VULMON",
"id": "CVE-2018-14781"
},
{
"db": "BID",
"id": "105044"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009527"
},
{
"db": "NVD",
"id": "CVE-2018-14781"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-307"
}
]
},
"id": "VAR-201808-0370",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19605"
},
{
"db": "VULHUB",
"id": "VHN-124975"
}
],
"trust": 1.5333332999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19605"
}
]
},
"last_update_date": "2023-12-18T12:36:36.146000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.medtronicdiabetes.com/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009527"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-124975"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009527"
},
{
"db": "NVD",
"id": "CVE-2018-14781"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-219-02"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/105044"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14781"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14781"
},
{
"trust": 0.3,
"url": "http://www.medtronic.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19605"
},
{
"db": "VULHUB",
"id": "VHN-124975"
},
{
"db": "VULMON",
"id": "CVE-2018-14781"
},
{
"db": "BID",
"id": "105044"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009527"
},
{
"db": "NVD",
"id": "CVE-2018-14781"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-307"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-19605"
},
{
"db": "VULHUB",
"id": "VHN-124975"
},
{
"db": "VULMON",
"id": "CVE-2018-14781"
},
{
"db": "BID",
"id": "105044"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009527"
},
{
"db": "NVD",
"id": "CVE-2018-14781"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-307"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19605"
},
{
"date": "2018-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-124975"
},
{
"date": "2018-08-13T00:00:00",
"db": "VULMON",
"id": "CVE-2018-14781"
},
{
"date": "2018-08-07T00:00:00",
"db": "BID",
"id": "105044"
},
{
"date": "2018-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009527"
},
{
"date": "2018-08-13T21:48:01.227000",
"db": "NVD",
"id": "CVE-2018-14781"
},
{
"date": "2018-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-307"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19605"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-124975"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-14781"
},
{
"date": "2018-08-07T00:00:00",
"db": "BID",
"id": "105044"
},
{
"date": "2018-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009527"
},
{
"date": "2019-10-09T23:35:11.500000",
"db": "NVD",
"id": "CVE-2018-14781"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-307"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-307"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Medtronic Authentication vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009527"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-307"
}
],
"trust": 0.6
}
}
VAR-201808-0175
Vulnerability from variot - Updated: 2023-12-18 12:36Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers. plural Medtronic The product contains an information disclosure vulnerability.Information may be obtained. MedtronicMMT-508MiniMedinsulinpump and other are different types of insulin pumps from Medtronic Corporation of the United States. An information disclosure vulnerability exists in several Medtronic products that originated in the form of clear text communication between pump and wireless accessories. Multiple Medtronic Isulin Pumps are prone to an authentication-bypass vulnerability and an information-disclosure vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0175",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "minimed 530g",
"scope": null,
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm revel mmt-723",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm revel mmt-523",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 508 insulin pump",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm revel mmt-523k",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed 530g mmt-751",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm real-time mmt-722",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm revel mmt-723k",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed 530g mmt-551",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm real-time mmt-522",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed 508 insulin pump",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm real-time 522 insulin pump",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm real-time 722 insulin pump",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm revel 523",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm revel 523k",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm revel 723",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm revel 723k",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "mmt mmt minimed 530g",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "-551/-751"
},
{
"model": "mmt 523k mmt 723k paradigm revel",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "-/-"
},
{
"model": "mmt mmt paradigm revel",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "-523/-723"
},
{
"model": "mmt mmt paradigm real-time",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "-522/-722"
},
{
"model": "mmt minimed insulin pump",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "-508"
},
{
"model": "mmt mmt minimed 530g",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "-551/-7510"
},
{
"model": "mmt 523k mmt 723k paradigm revel",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "-/-0"
},
{
"model": "mmt mmt paradigm revel",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "-523/-7230"
},
{
"model": "mmt mmt paradigm real-time",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "-522/-7220"
},
{
"model": "mmt minimed insulin pump",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "-5080"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18137"
},
{
"db": "BID",
"id": "105044"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009686"
},
{
"db": "NVD",
"id": "CVE-2018-10634"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-306"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-523k_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-523k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-723k_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-723k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-723_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-723:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_530g_mmt-551_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_530g_mmt-551:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_real-time_mmt-522_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_real-time_mmt-522:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_real-time_mmt-722_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_real-time_mmt-722:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_530g_mmt-751_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_530g_mmt-751:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-523_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-523:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_508_insulin_pump_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_508_insulin_pump:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10634"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC",
"sources": [
{
"db": "BID",
"id": "105044"
}
],
"trust": 0.3
},
"cve": "CVE-2018-10634",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10634",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-18137",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-120413",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10634",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10634",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-18137",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-306",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-120413",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18137"
},
{
"db": "VULHUB",
"id": "VHN-120413"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009686"
},
{
"db": "NVD",
"id": "CVE-2018-10634"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-306"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers. plural Medtronic The product contains an information disclosure vulnerability.Information may be obtained. MedtronicMMT-508MiniMedinsulinpump and other are different types of insulin pumps from Medtronic Corporation of the United States. An information disclosure vulnerability exists in several Medtronic products that originated in the form of clear text communication between pump and wireless accessories. Multiple Medtronic Isulin Pumps are prone to an authentication-bypass vulnerability and an information-disclosure vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10634"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009686"
},
{
"db": "CNVD",
"id": "CNVD-2018-18137"
},
{
"db": "BID",
"id": "105044"
},
{
"db": "VULHUB",
"id": "VHN-120413"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10634",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSMA-18-219-02",
"trust": 3.4
},
{
"db": "BID",
"id": "105044",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009686",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-306",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-18137",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-120413",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18137"
},
{
"db": "VULHUB",
"id": "VHN-120413"
},
{
"db": "BID",
"id": "105044"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009686"
},
{
"db": "NVD",
"id": "CVE-2018-10634"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-306"
}
]
},
"id": "VAR-201808-0175",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18137"
},
{
"db": "VULHUB",
"id": "VHN-120413"
}
],
"trust": 1.5333332999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18137"
}
]
},
"last_update_date": "2023-12-18T12:36:36.111000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.medtronicdiabetes.com/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009686"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120413"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009686"
},
{
"db": "NVD",
"id": "CVE-2018-10634"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-219-02"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105044"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10634"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10634"
},
{
"trust": 0.3,
"url": "http://www.medtronic.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-18137"
},
{
"db": "VULHUB",
"id": "VHN-120413"
},
{
"db": "BID",
"id": "105044"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009686"
},
{
"db": "NVD",
"id": "CVE-2018-10634"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-306"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-18137"
},
{
"db": "VULHUB",
"id": "VHN-120413"
},
{
"db": "BID",
"id": "105044"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009686"
},
{
"db": "NVD",
"id": "CVE-2018-10634"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-306"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18137"
},
{
"date": "2018-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-120413"
},
{
"date": "2018-08-07T00:00:00",
"db": "BID",
"id": "105044"
},
{
"date": "2018-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009686"
},
{
"date": "2018-08-13T21:47:59.040000",
"db": "NVD",
"id": "CVE-2018-10634"
},
{
"date": "2018-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-306"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-18137"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-120413"
},
{
"date": "2018-08-07T00:00:00",
"db": "BID",
"id": "105044"
},
{
"date": "2018-11-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009686"
},
{
"date": "2019-10-09T23:32:58.150000",
"db": "NVD",
"id": "CVE-2018-10634"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-306"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-306"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Medtronic Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009686"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-306"
}
],
"trust": 0.6
}
}
VAR-201807-0328
Vulnerability from variot - Updated: 2023-12-18 12:28Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer. Medtronic 8840 N'Vision Clinician Programmer and 8870 N'Vision removable Application Card Contains a vulnerability related to failure of the protection mechanism.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 8870 N\'\'Vision removable Application Card is a flash memory card
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0328",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n\\\u0027vision 8870",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "n\\\u0027vision 8840",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "8840 n\u2019vision clinician programmer",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "8870 n\u2019vision removable application card",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"db": "NVD",
"id": "CVE-2018-10631"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1161"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:n\\\u0027vision_8840_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:n\\\u0027vision_8840:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:n\\\u0027vision_8870_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:n\\\u0027vision_8870:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10631"
}
]
},
"cve": "CVE-2018-10631",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10631",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-120410",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10631",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10631",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-1161",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-120410",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-10631",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120410"
},
{
"db": "VULMON",
"id": "CVE-2018-10631"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"db": "NVD",
"id": "CVE-2018-10631"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1161"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic N\u0027Vision Clinician Programmer 8840 N\u0027Vision Clinician Programmer, all versions, and 8870 N\u0027Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer. Medtronic 8840 N\u0027Vision Clinician Programmer and 8870 N\u0027Vision removable Application Card Contains a vulnerability related to failure of the protection mechanism.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 8870 N\\\u0027\\\u0027Vision removable Application Card is a flash memory card",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10631"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"db": "VULHUB",
"id": "VHN-120410"
},
{
"db": "VULMON",
"id": "CVE-2018-10631"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10631",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSMA-18-137-01",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007971",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1161",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-120410",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-10631",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120410"
},
{
"db": "VULMON",
"id": "CVE-2018-10631"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"db": "NVD",
"id": "CVE-2018-10631"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1161"
}
]
},
"id": "VAR-201807-0328",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-120410"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:28:53.278000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security at Medtronic",
"trust": 0.8,
"url": "http://www.medtronic.com/us-en/product-security.html?utm_source=medtronic_com_security_vanity_url\u0026utm_medium=printordigital\u0026utm_campaign=security_generic_vanity_url_fy17\u0026cmpid=vanity_url_security_printordigital_fy17"
},
{
"title": "N\u2019Vision 8840 Physician Programmer",
"trust": 0.8,
"url": "http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/medtronic-nvision-8840_security-bulletin_final.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-693",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120410"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"db": "NVD",
"id": "CVE-2018-10631"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-137-01"
},
{
"trust": 1.8,
"url": "https://www.medtronic.com/security"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10631"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10631"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/693.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120410"
},
{
"db": "VULMON",
"id": "CVE-2018-10631"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"db": "NVD",
"id": "CVE-2018-10631"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1161"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-120410"
},
{
"db": "VULMON",
"id": "CVE-2018-10631"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"db": "NVD",
"id": "CVE-2018-10631"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-1161"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-13T00:00:00",
"db": "VULHUB",
"id": "VHN-120410"
},
{
"date": "2018-07-13T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10631"
},
{
"date": "2018-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"date": "2018-07-13T19:29:00.213000",
"db": "NVD",
"id": "CVE-2018-10631"
},
{
"date": "2018-07-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1161"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-120410"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-10631"
},
{
"date": "2018-10-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007971"
},
{
"date": "2019-10-09T23:32:57.680000",
"db": "NVD",
"id": "CVE-2018-10631"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-1161"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1161"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic 8840 N\u0027Vision Clinician Programmer and 8870 N\u0027Vision removable Application Card Vulnerability in protection mechanism",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007971"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-1161"
}
],
"trust": 0.6
}
}
VAR-201805-0937
Vulnerability from variot - Updated: 2023-12-18 12:28Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at rest. The Medtronic N'Vision Clinician Programmer is a small, portable device that provides a single programming platform for Medtronic nerve graft therapy devices. The Medtronic N'Vision Clinician Programmer has an information disclosure vulnerability that allows an attacker to exploit sensitive information. Medtronic N'Vision Clinician Programmer is prone to an information-disclosure vulnerability. The vulnerability is caused by the program not encrypting PII and PHI
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0937",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n\\\u0027vision 8870",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "n\\\u0027vision 8840",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "8840 n\u2019vision clinician programmer",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "8870 n\u2019vision removable application card",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "n\u0027vision application card",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "8870"
},
{
"model": "n\u0027vision clinician programmer",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "8840"
},
{
"model": "n??vision application card",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "88700"
},
{
"model": "n??vision clinician programmer",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "88400"
},
{
"model": "n\u0027vision application card",
"scope": "eq",
"trust": 0.2,
"vendor": "medtronic",
"version": "8870*"
},
{
"model": "n\u0027vision clinician programmer",
"scope": "eq",
"trust": 0.2,
"vendor": "medtronic",
"version": "8840*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "BID",
"id": "104213"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:n\\\u0027vision_8840_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:n\\\u0027vision_8840:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:n\\\u0027vision_8870_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:n\\\u0027vision_8870:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios of Whitescope LLC",
"sources": [
{
"db": "BID",
"id": "104213"
}
],
"trust": 0.3
},
"cve": "CVE-2018-8849",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-8849",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-10004",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-138881",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.6,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-8849",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8849",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-10004",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-680",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138881",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "VULHUB",
"id": "VHN-138881"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic N\u0027Vision Clinician Programmer 8840 N\u0027Vision Clinician Programmer, all versions, and 8870 N\u0027Vision removable Application Card, all versions does not encrypt PII and PHI while at rest. The Medtronic N\u0027Vision Clinician Programmer is a small, portable device that provides a single programming platform for Medtronic nerve graft therapy devices. The Medtronic N\u0027Vision Clinician Programmer has an information disclosure vulnerability that allows an attacker to exploit sensitive information. Medtronic N\u0027Vision Clinician Programmer is prone to an information-disclosure vulnerability. The vulnerability is caused by the program not encrypting PII and PHI",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "BID",
"id": "104213"
},
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-138881"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8849",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSMA-18-137-01",
"trust": 3.4
},
{
"db": "BID",
"id": "104213",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-10004",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2EFAD9E-39AB-11E9-87B8-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-138881",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "VULHUB",
"id": "VHN-138881"
},
{
"db": "BID",
"id": "104213"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
}
]
},
"id": "VAR-201805-0937",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "VULHUB",
"id": "VHN-138881"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
}
]
},
"last_update_date": "2023-12-18T12:28:53.238000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "N\u2019Vision 8840 Physician Programmer",
"trust": 0.8,
"url": "http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/medtronic-nvision-8840_security-bulletin_final.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138881"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-137-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/104213"
},
{
"trust": 1.7,
"url": "http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/medtronic-nvision-8840_security-bulletin_final.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8849"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8849"
},
{
"trust": 0.3,
"url": "http://www.medtronic.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "VULHUB",
"id": "VHN-138881"
},
{
"db": "BID",
"id": "104213"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"db": "VULHUB",
"id": "VHN-138881"
},
{
"db": "BID",
"id": "104213"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"db": "NVD",
"id": "CVE-2018-8849"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-22T00:00:00",
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"date": "2018-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"date": "2018-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-138881"
},
{
"date": "2018-05-17T00:00:00",
"db": "BID",
"id": "104213"
},
{
"date": "2018-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"date": "2018-05-18T13:29:00.427000",
"db": "NVD",
"id": "CVE-2018-8849"
},
{
"date": "2018-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-680"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-10004"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-138881"
},
{
"date": "2018-05-17T00:00:00",
"db": "BID",
"id": "104213"
},
{
"date": "2018-07-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005148"
},
{
"date": "2019-10-09T23:42:56.927000",
"db": "NVD",
"id": "CVE-2018-8849"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-680"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "104213"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic N\u0027Vision Clinician Programmer Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2efad9e-39ab-11e9-87b8-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-10004"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-680"
}
],
"trust": 0.6
}
}
VAR-201808-0171
Vulnerability from variot - Updated: 2023-12-18 12:28A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest. Medtronic MyCareLink 24950 and 24952 Patient Monitor Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An information disclosure vulnerability exists in MedtronicMyCareLink24950PatientMonitor and 24952PatientMonitor (all versions) that the program uses to store credentials in a recoverable format that an attacker can use to authenticate and obtain sensitive information. An attacker can exploit these issues to bypass security restrictions and perform unauthorized actions or obtain sensitive information. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0171",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mycarelink 24952 patient monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink 24950 patient monitor",
"scope": "eq",
"trust": 1.6,
"vendor": "medtronic",
"version": null
},
{
"model": "24950 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "24952 mycarelink monitor",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24950"
},
{
"model": "mycarelink patient monitor",
"scope": "eq",
"trust": 0.6,
"vendor": "medtronic",
"version": "24952"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "249520"
},
{
"model": "mycarelink monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "249500"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"db": "BID",
"id": "105042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"db": "NVD",
"id": "CVE-2018-10622"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:mycarelink_24952_patient_monitor_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:mycarelink_24952_patient_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:mycarelink_24950_patient_monitor_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:mycarelink_24950_patient_monitor:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10622"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Billy Rios, Jesse Young, and Jonathan Butts of Whitescope",
"sources": [
{
"db": "BID",
"id": "105042"
}
],
"trust": 0.3
},
"cve": "CVE-2018-10622",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 1.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10622",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CNVD-2019-21129",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "VHN-120400",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10622",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10622",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-21129",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-289",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-120400",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"db": "VULHUB",
"id": "VHN-120400"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"db": "NVD",
"id": "CVE-2018-10622"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest. Medtronic MyCareLink 24950 and 24952 Patient Monitor Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An information disclosure vulnerability exists in MedtronicMyCareLink24950PatientMonitor and 24952PatientMonitor (all versions) that the program uses to store credentials in a recoverable format that an attacker can use to authenticate and obtain sensitive information. \nAn attacker can exploit these issues to bypass security restrictions and perform unauthorized actions or obtain sensitive information. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10622"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"db": "BID",
"id": "105042"
},
{
"db": "VULHUB",
"id": "VHN-120400"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10622",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSMA-18-219-01",
"trust": 3.4
},
{
"db": "BID",
"id": "105042",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201808-289",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-21129",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-120400",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"db": "VULHUB",
"id": "VHN-120400"
},
{
"db": "BID",
"id": "105042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"db": "NVD",
"id": "CVE-2018-10622"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
]
},
"id": "VAR-201808-0171",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"db": "VULHUB",
"id": "VHN-120400"
}
],
"trust": 1.53333335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21129"
}
]
},
"last_update_date": "2023-12-18T12:28:47.050000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MyCareLink Patient Monitor",
"trust": 0.8,
"url": "http://www.medtronic.com/uk-en/patients/treatments-therapies/fainting-heart-monitor/mycarelink-patient-monitor.html"
},
{
"title": "Patch for MedtronicMyCareLink24950PatientMonitor and 24952PatientMonitor Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/167021"
},
{
"title": "Medtronic MyCareLink 24950 Patient Monitor and 24952 Patient Monitor Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83915"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120400"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"db": "NVD",
"id": "CVE-2018-10622"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-219-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105042"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10622"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10622"
},
{
"trust": 0.3,
"url": "http://www.medtronic.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"db": "VULHUB",
"id": "VHN-120400"
},
{
"db": "BID",
"id": "105042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"db": "NVD",
"id": "CVE-2018-10622"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"db": "VULHUB",
"id": "VHN-120400"
},
{
"db": "BID",
"id": "105042"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"db": "NVD",
"id": "CVE-2018-10622"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"date": "2018-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-120400"
},
{
"date": "2018-08-07T00:00:00",
"db": "BID",
"id": "105042"
},
{
"date": "2018-11-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"date": "2018-08-10T18:29:00.230000",
"db": "NVD",
"id": "CVE-2018-10622"
},
{
"date": "2018-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-21129"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-120400"
},
{
"date": "2018-08-07T00:00:00",
"db": "BID",
"id": "105042"
},
{
"date": "2018-11-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-008970"
},
{
"date": "2019-10-09T23:32:56.477000",
"db": "NVD",
"id": "CVE-2018-10622"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Medtronic MyCareLink 24950 and 24952 Patient Monitor Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-008970"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-289"
}
],
"trust": 0.6
}
}