Credential Storage Vulnerability in Medtronic MyCareLink Patient Monitor
CVE-2018-10622

7.1HIGH

Key Information:

Vendor

Medtronic

Status
24950 Mycarelink Monitor
24952 Mycarelink Monitor
Vendor
CVE Published:
10 August 2018

What is CVE-2018-10622?

A serious security flaw exists in the Medtronic MyCareLink 24950 and 24952 Patient Monitors, where per-product credentials are stored in a recoverable format. This design oversight enables attackers to exploit these credentials, gaining unauthorized access for network authentication and decrypting local data at rest. Such vulnerabilities can compromise patient privacy and data integrity, highlighting the need for robust security measures in medical devices.

Affected Version(s)

24950 MyCareLink Monitor All versions

24952 MyCareLink Monitor All versions

References

https://global.medtronic.com/xg-en/product-security/secur...
https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01
x_refsource_MISC
http://www.securityfocus.com/bid/105042
vdb-entry

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.