CVE-2018-10631

Summary (CVE-2018-10631) : The vulnerability affects Medtronic N’Vision Clinician Programmer 8840 and the 8870 removable Application Card. An attacker with physical access to the 8870 card and sufficient technical capability can modify the card’s contents, including binaries. If modified to bypas...

CVE-2018-10631 Medtronic N'Vision Clinician Programmer Protection Mechanism Failure

The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection...

CVE-2018-10631 Medtronic N'Vision Clinician Programmer Protection Mechanism Failure

The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection...

CVE-2018-3687

Unquoted service paths in Intel Quartus II Programmer and Tools in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code...

CVE-2018-3688

Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code...

Code injection

Unquoted service paths in Intel Quartus Prime Programmer and Tools in versions 15.1 - 18.0 allow a local attacker to potentially execute arbitrary code...

CVE-2018-3688

CVE-2018-3688 refers to an unquoted service path vulnerability in Intel Quartus Prime Programmer and Tools, affecting Quartus Prime Programmer and Tools v15.1–18.0. The underlying issue enables a local attacker to potentially execute arbitrary code with elevated privileges by abusing the service ...

CVE-2018-3687

Intel reports a Privilege Escalation/Vulnerability in the Intel Quartus family due to unquoted service paths. Affected: Quartus II v11.0–15.0; Quartus Prime v15.1–18.0; Intel Quartus II Programmer and Tools v11.0–15.0; Programmer and Tools v15.1–18.0. Root cause: unquoted service paths in the JTA...

Medtronic 2090 CareLink Programmer Design Vulnerability

The Medtronic 2090 CareLink Programmer is a suite of portable computer products from Medtronic, Inc. The product is used to manage and program cardiac devices in the medical industry. A security vulnerability exists in all versions of the Medtronic 2090 CareLink Programmer in the affected product...

Code injection

Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the...

CVE-2018-10596

CVE-2018-10596 affects the Medtronic 2090 CareLink Programmer (and 29901 Encore Programmer) where software downloads updates over a VPN-protected network via HTTP without verifying VPN persistence or update source. The root issue is improper restriction of communication channels to intended endpo...

Node.js third-party modules: Privilage escalation with malicious .npmrc

Hello. I'm forwarding to you my conversation with npm staff regarding security issue. It allows to escalate to root privilages of victim using either: a basic social engineering - convincing victim to run npm in attacker-controlled folder eg. repository, including such innocent ones like "npm hel...

Medtronic N'Vision Clinician Programmer Information Disclosure Vulnerability

The Medtronic N'Vision Clinician Programmer is a small, portable device that provides a single programming platform for Medtronic's nerve graft therapy devices. An information disclosure vulnerability exists in Medtronic N'Vision Clinician Programmer, which can be exploited by attackers to obtain...

CVE-2018-8849

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest...

CVE-2018-8849

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest...

Design/Logic Flaw

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at rest...

CVE-2018-8849 Medtronic N'Vision Clinician Programmer Missing Encryption of Sensitive Data

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest...

CVE-2018-8849

CVE-2018-8849 affects Medtronic N’Vision Clinician Programmer 8840 (all versions) and 8870 removable Application Card (all versions). root cause: missing encryption of PII/PHI at rest, enabling potential exposure of sensitive patient data if physical access is gained. ICS-CERT Update A confirms v...

Medtronic N'Vision Clinician Programmer (Update A)

1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 5 -------- CVSS v3 6.3 --------- End Update A Part 1 of 5 ----------- ATTENTION: Low skill level to exploit Vendor: Medtronic Equipment: N’Vision Clinician Programmer --------- Begin Update A Part 2 of 5 ----------- Vulnerabilities:...

Design/Logic Flaw

All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment network...