CVE-2018-8849 Medtronic N'Vision Clinician Programmer Missing Encryption of Sensitive Data

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest...

CVE-2018-8849

CVE-2018-8849 affects Medtronic N’Vision Clinician Programmer 8840 (all versions) and 8870 removable Application Card (all versions). root cause: missing encryption of PII/PHI at rest, enabling potential exposure of sensitive patient data if physical access is gained. ICS-CERT Update A confirms v...

Medtronic N'Vision Clinician Programmer (Update A)

1. EXECUTIVE SUMMARY --------- Begin Update A Part 1 of 5 -------- CVSS v3 6.3 --------- End Update A Part 1 of 5 ----------- ATTENTION: Low skill level to exploit Vendor: Medtronic Equipment: N’Vision Clinician Programmer --------- Begin Update A Part 2 of 5 ----------- Vulnerabilities:...

CVE-2017-14014

Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...

Design/Logic Flaw

Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...

CVE-2017-14012

Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...

Hardcoded credentials

Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...

CVE-2017-14014

Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI prior to having it transferred to removable media. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...

CVE-2017-14012

Mode C: The CVE-2017-14012 entry concerns Boston Scientific ZOOM LATITUDE PRM Model 3120. The vulnerability is due to a hard-coded cryptographic key used to encrypt PHI before transfer to removable media, resulting in PHI not being encrypted at rest. Affected product: ZOOM LATITUDE PRM – Model 31...

CVE-2017-14014

Summary of CVE-2017-14014 : The Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded cryptographic key to encrypt PHI before it is transferred to removable media. This creates a vulnerability (CWE-321: Use of Hard-coded Cryptographic Key) with CVSS3 base score 4.6 (vector AV:P/AC:L/PR...

CVE-2017-14012

Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at rest. CVSS v3 base score: 4.6; CVSS vector string: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N...

CVE-2017-9656

The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevate...

Hardcoded credentials

The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevate...

Unsafe Opcodes exposed in Intel SPI based products

Summary: Configuration of SPI Flash in platforms based on multiple Intel CPUs allows a local attacker to alter the behavior of the SPI Flash, potentially leading to a Denial of Service. This issue has been root-caused, and the mitigation has been validated and is available. Description:...

ICSMA-17-229-01_Philips' DoseWise Portal Vulnerabilities

OVERVIEW Philips has identified Hard-coded Credentials and Cleartext Storage of Sensitive Information vulnerabilities in Philips’ DoseWise Portal DWP web application. Philips has updated product documentation and produced a new version that mitigates these vulnerabilities. These vulnerabilities...

Hardcoded credentials

A hard-coded password issue was discovered in Becton, Dickinson and Company BD PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the...

CVE-2017-6022

A hard-coded password issue was discovered in Becton, Dickinson and Company BD PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the...

CVE-2017-6022

A hard-coded password issue was discovered in Becton, Dickinson and Company BD PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the...

CVE-2017-6022

A hard-coded password issue was discovered in Becton, Dickinson and Company BD PerformA, Version 2.0.14.0 and prior versions, and KLA Journal Service, Version 1.0.51 and prior versions. They use hard-coded passwords to access the BD Kiestra Database, which could be leveraged to compromise the...

WordPress CM Download Manager 2.0.0 Code Injection

Vulnerability title: Code Injection in Wordpress CM Download Manager plugin CVE: CVE-2014-8877 Plugin: CM Download Manager plugin Vendor: CreativeMinds - https://www.cminds.com/ Product: https://wordpress.org/plugins/cm-download-manager/ Affected version: 2.0.0 and previous version Fixed version:...