EUVD-2018-17216

Malware in sbrugna...

Medtronic 2090 CareLink Programmer Design Vulnerability

The Medtronic 2090 CareLink Programmer is a suite of portable computer products from Medtronic, Inc. The product is used to manage and program cardiac devices in the medical industry. A security vulnerability exists in all versions of the Medtronic 2090 CareLink Programmer in the affected product...

Code injection

Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates. The product does not verify it is still connected to this virtual private network before downloading updates. An attacker with local network access to the...

CVE-2018-5446

Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format...

CVE-2018-5448

Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system...

Design/Logic Flaw

All versions of the Medtronic 2090 Carelink Programmer are affected by a per-product username and password that is stored in a recoverable format which could allow an attacker with physical access to a 2090 Programmer to obtain per-product credentials to the software deployment network...

CVE-2018-5446 Medtronic 2090 Carelink Programmer Storing Passwords in a Recoverable Format

Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format...

CVE-2018-5448

CVE-2018-5448 affects Medtronic 2090 CareLink Programmer and 29901 Encore Programmer via the CareLink SDN. The vulnerability is a relative path traversal in the software deployment network that could allow an attacker to read files on the system. ICS-CERT advisory Update C/Update B describes this...

CVE-2018-5446

CVE-2018-5446 affects Medtronic CareLink programmers (2090 CareLink Programmer and 29901 Encore Programmer). The flaw arises from passwords stored in a recoverable format, enabling credential exposure when physical access is present. ICS-CERT advisory and subsequent updates document a CVSS v3 bas...

CVE-2018-5448 Medtronic 2090 Carelink Programmer Relative Path Traversal

Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system...

Medtronic 2090 Carelink Programmer Information Disclosure Vulnerability

The Medtronic 2090 Carelink Programmer is used by trained personnel in hospitals and clinics to program and manage Medtronic cardiac devices. An information disclosure vulnerability exists in the Medtronic 2090 Carelink Programmer, where user names and passwords used by the affected product are...

Medtronic 2090 Carelink Programmer Directory Traversal Vulnerability

The Medtronic 2090 Carelink Programmer is used by trained personnel in hospitals and clinics to program and manage Medtronic cardiac devices. The software deployment network for the affected product contains a directory traversal vulnerability that could allow an attacker to read files on the...

Medtronic 2090 Carelink Programmer Vulnerabilities (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.1 Vendor: Medtronic Equipment: 2090 CareLink Programmer, 29901 Encore Programmer Vulnerabilities: Storing Passwords in a Recoverable Format, Relative Path Traversal, Improper Restriction of Communication Channel to Intended Endpoints 2. UPDATE INFORMATION This...