Vulnerability CVE-2018-8870
Published: 2018-07-02   Modified: 2018-07-03

Description:
Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.

Type:

CWE-798

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Medtronic -> 24950 mycarelink monitor firmware 
Medtronic -> 24952 mycarelink monitor firmware 

 References:
https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01
Copyright 2024, cxsecurity.com

 

Back to Top