Credential Storage Vulnerability in Medtronic MyCareLink Patient Monitor
CVE-2018-10622

5.2MEDIUM

Key Information:

Vendor

Medtronic

Vendor
CVE Published:
10 August 2018

What is CVE-2018-10622?

A serious security flaw exists in the Medtronic MyCareLink 24950 and 24952 Patient Monitors, where per-product credentials are stored in a recoverable format. This design oversight enables attackers to exploit these credentials, gaining unauthorized access for network authentication and decrypting local data at rest. Such vulnerabilities can compromise patient privacy and data integrity, highlighting the need for robust security measures in medical devices.

Affected Version(s)

24950 MyCareLink Monitor 0

24952 MyCareLink Monitor 0

References

CVSS V3.1

Score:
5.2
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.