Lucene search

IcscertCVE-2018-10622

HistoryAug 10, 2018 - 6:29 p.m.

CVE-2018-10622

2018-08-1018:29:00

CWE-522

CWE-257

icscert

web.nvd.nist.gov

vulnerability

medtronic

mycarelink

patient monitor

network authentication

encryption

data at rest

nvd

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

7.1

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

32.8%

JSON

A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest.

Affected configurations

Nvd

Node

medtronicmycarelink_24952_patient_monitor_firmwareMatch-

AND

medtronicmycarelink_24952_patient_monitorMatch-

Node

medtronicmycarelink_24950_patient_monitor_firmwareMatch-

AND

medtronicmycarelink_24950_patient_monitorMatch-

VendorProductVersionCPE
medtronicmycarelink_24952_patient_monitor_firmware-cpe:2.3:o:medtronic:mycarelink_24952_patient_monitor_firmware:-:*:*:*:*:*:*:*
medtronicmycarelink_24952_patient_monitor-cpe:2.3:h:medtronic:mycarelink_24952_patient_monitor:-:*:*:*:*:*:*:*
medtronicmycarelink_24950_patient_monitor_firmware-cpe:2.3:o:medtronic:mycarelink_24950_patient_monitor_firmware:-:*:*:*:*:*:*:*
medtronicmycarelink_24950_patient_monitor-cpe:2.3:h:medtronic:mycarelink_24950_patient_monitor:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
medtronic	mycarelink_24952_patient_monitor_firmware	-	cpe:2.3:o:medtronic:mycarelink_24952_patient_monitor_firmware:-:::::::*
medtronic	mycarelink_24952_patient_monitor	-	cpe:2.3:h:medtronic:mycarelink_24952_patient_monitor:-:::::::*
medtronic	mycarelink_24950_patient_monitor_firmware	-	cpe:2.3:o:medtronic:mycarelink_24950_patient_monitor_firmware:-:::::::*
medtronic	mycarelink_24950_patient_monitor	-	cpe:2.3:h:medtronic:mycarelink_24950_patient_monitor:-:::::::*

CNA Affected

[
  {
    "product": "Medtronic MyCareLink 24950, 24952 Patient Monitor",
    "vendor": "ICS-CERT",
    "versions": [
      {
        "status": "affected",
        "version": "All versions"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105042

ics-cert.us-cert.gov/advisories/ICSMA-18-219-01

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

7.1

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

32.8%

JSON

Related for CVE-2018-10622