CVE-2018-8849

🗓️ 18 May 2018 13:00:00Reported by icscertType

Medtronic N'Vision Clinician Programmer 8840 and 8870 do not encrypt PII and PHI at rest

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2018-8849	18 May 201813:29	–	attackerkb
Circl	CVE-2018-8849	27 Jun 202516:57	–	circl
CNVD	Medtronic N'Vision Clinician Programmer Information Disclosure Vulnerability	21 May 201800:00	–	cnvd
Cvelist	CVE-2018-8849 Medtronic N'Vision Clinician Programmer Missing Encryption of Sensitive Data	18 May 201813:00	–	cvelist
EUVD	EUVD-2018-20457	7 Oct 202500:30	–	euvd
ICS	Medtronic N'Vision Clinician Programmer (Update A)	17 May 201800:00	–	ics
NVD	CVE-2018-8849	18 May 201813:29	–	nvd
Prion	Design/Logic Flaw	18 May 201813:29	–	prion
Positive Technologies	PT-2018-18662 · Medtronic · Medtronic N'Vision Removable Application Card 8870 +1	18 May 201800:00	–	ptsecurity

NVD

Vulners

Node

medtronic n'vision_8840_firmwareMatch-

AND

medtronic n'vision_8840Match-

Node

medtronic n'vision_8870_firmwareMatch-

AND

medtronic n'vision_8870Match-

[
  {
    "defaultStatus": "unaffected",
    "product": "N'Vision Clinician Programmer",
    "vendor": "Medtronic",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "8870 N’Vision removable Application Card",
    "vendor": "Medtronic",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-medical-advisories/icsma-18-137-01
medtronic	www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf
medtronic	www.medtronic.com/security
securityfocus	www.securityfocus.com/bid/104213
ics-cert	www.ics-cert.us-cert.gov/advisories/ICSMA-18-137-01

27 Jun 2025 17:15Current

5Medium risk

Vulners AI Score5

CVSS 22.1

CVSS 34.6

CVSS 3.14.6

EPSS0.00083

CWE-311