CVE-2018-8849 Medtronic N'Vision Clinician Programmer Missing Encryption of Sensitive Data

🗓️ 18 May 2018 13:00:00Reported by icscertType

Medtronic N'Vision Clinician Programmer does not encrypt PII and PHI at res

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2018-8849	18 May 201813:29	–	attackerkb
Circl	CVE-2018-8849	27 Jun 202516:57	–	circl
CNVD	Medtronic N'Vision Clinician Programmer Information Disclosure Vulnerability	21 May 201800:00	–	cnvd
CVE	CVE-2018-8849	18 May 201813:00	–	cve
EUVD	EUVD-2018-20457	7 Oct 202500:30	–	euvd
ICS	Medtronic N'Vision Clinician Programmer (Update A)	17 May 201800:00	–	ics
NVD	CVE-2018-8849	18 May 201813:29	–	nvd
Prion	Design/Logic Flaw	18 May 201813:29	–	prion
Positive Technologies	PT-2018-18662 · Medtronic · Medtronic N'Vision Removable Application Card 8870 +1	18 May 201800:00	–	ptsecurity

[
  {
    "defaultStatus": "unaffected",
    "product": "N'Vision Clinician Programmer",
    "vendor": "Medtronic",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "8870 N’Vision removable Application Card",
    "vendor": "Medtronic",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/news-events/ics-medical-advisories/icsma-18-137-01
medtronic	www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf
medtronic	www.medtronic.com/security
securityfocus	www.securityfocus.com/bid/104213

27 Jun 2025 16:24Current

4.8Medium risk

Vulners AI Score4.8

CVSS 3.14.6

EPSS0.00083

CWE-311