Vulnerability CVE-2018-18984


Published: 2018-12-14

Description:
Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions, The affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest PII and PHI.

Type:

CWE-310

(Cryptographic Issues)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Medtronic -> 29901 encore programmer firmware 
Medtronic -> Carelink 2090 programmer firmware 
Medtronic -> Carelink 9790 programmer firmware 

 References:
http://www.securityfocus.com/bid/106215
https://ics-cert.us-cert.gov/advisories/ICSMA-18-347-01

Copyright 2024, cxsecurity.com

 

Back to Top