107 matches found
CVE-2025-4386
Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal....
SAMD: A Tool for Identifying False Data Injection Scenarios in AI/ML-Enabled Medical Devices
The growing integration of artificial intelligence (AI) and machine learning (ML) in medical systems requires effective measures to address emerging security risks. One such risk is that of adversaries introducing false data through vulnerable system components during inference, causing misdiagnosis...
VulnCheck KEV: CVE-2024-12248
Contec Health CMS8000 Patient Monitor is vulnerable to an out-of-bounds write, which could allow an attacker to send specially formatted UDP requests in order to write arbitrary data. This could result in remote code execution...
EUVD-2018-20464
Malware in sbrugna...
EUVD-2011-3349
Malware in sbrugna...
EUVD-2021-14164
Malware in sbrugna...
EUVD-2023-12877
Malicious code in bioql PyPI...
CVE-2025-4393
Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before Jun...
Story About Medical Device Security
Ben Rothke relates a story about me working with a medical device firm back when I was with BT. I don't remember the story at all, or who the company was. But it sounds about right...
The vulnerability of the firmware of medical monitoring devices such as the CMS8000 Patient Monitor and Epsimed MN-120 arises from the fact that operations may go outside the bounds of a memory buffer. This allows an intruder to gain unauthorized access to protected information, execute arbitrary code, or gain full control over the device.
The vulnerability of the firmware of the CMS8000 Patient Monitor and Epsimed MN-120 medical devices is related to the execution of operations outside the bounds of a memory buffer. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protecte...
The vulnerability of the firmware of medical monitoring devices such as the CMS8000 Patient Monitor and Epsimed MN-120, related to the exposure of information to unauthorized individuals, allows an intruder to gain unauthorized access to protected information and carry out a “man-in-the-middle” attack.
The vulnerability of the firmware used in medical devices for monitoring patient status, such as the CMS8000 Patient Monitor and Epsimed MN-120, stems from the exposure of information to unauthorized individuals. This occurs due to the use of a rigidly code...
The vulnerability of the firmware of the CMS8000 Patient Monitor and Epsimed MN-120 medical devices lies in the fact that they send requests to a hard-coded external IP address. This allows attackers to circumvent security restrictions and upload or re-upload files onto the devices.
The vulnerability of the firmware in medical monitoring devices such as the CMS8000 Patient Monitor and Epsimed MN-120 lies in the fact that requests are sent to a hard-coded external IP address. Exploiting this vulnerability allows an attacker to bypass security restrictions and...
Baxter Welch Allyn Connex Spot Monitor
1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely Vendor: Baxter Equipment: Welch Allyn Connex Spot Monitor (CSM) Vulnerability: Use of Default Cryptographic Key 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to modify device...
BD Alaris System with Guardrails Suite MX Authorization Issue Vulnerability
The BD Alaris System with Guardrails Suite MX is a medical device from BD Medical BD. A security vulnerability exists in the BD Alaris System with Guardrails Suite MX, which originates from the ability to modify the configuration of a PCU without having to authenticate using a physical connection...
CVE-2023-0888 Authenticated eval injection in B. Braun Space Battery pack SP with Wi-Fi
An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device...
B. Braun SpaceCom Code Injection Vulnerability
B. Braun SpaceCom is a miniature camera for medical applications from B. Braun. A security vulnerability exists in the B. Braun SpaceCom WiFi Battery embedded web server versions L90/U70 and L92/U92, which can be exploited by an attacker to gain administrative access to the WiFi communication...
How New Cybersecurity Regulations Are Shaping the Medical Device Industry
By Waqas. Here’s a rundown of the impact of new cybersecurity regulations as they are applied to the medical device industry. This is a post from HackRead.com.
MilleGPG5 5.7.2 Luglio 2021 - Local Privilege Escalation Vulnerability
Exploit Title: MilleGPG5 5.7.2 Luglio 2021 x64 - Local Privilege Escalation Author: Alessandro 'mindsflee' Salzano Vendor Homepage: https://millegpg.it/ Software Homepage: https://millegpg.it/ Software Link: https://www.millegpg.it/download/MilleGPGInstall.exe Version: 5.7.2 Tested on: Microsoft...
Philips IntelliBridge EC 40 and EC 80 Hub
1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Low attack complexity Vendor: Philips Equipment: IntelliBridge EC 40 and EC 80 Hub Vulnerabilities: Use of Hard-coded Credentials, Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of these...