Sensitive Data Exposure in Medtronic CareLink Programmers
CVE-2018-18984

4.6MEDIUM

Key Information:

Vendor: Medtronic
Status: Carelink 9790 Programmer; Carelink 2090 Programmer; 29901 Encore Programmer
Vendor: CVE Published:; 14 December 2018

What is CVE-2018-18984?

The Medtronic CareLink 2090 Programmer, CareLink 9790 Programmer, and Encore Programmer 29901 are vulnerable due to insufficient encryption of sensitive information, including personally identifiable information (PII) and protected health information (PHI), while at rest. This vulnerability can lead to unauthorized access to sensitive data, raising significant privacy and security concerns for users and healthcare providers.

Affected Version(s)

29901 Encore Programmer All versions

CareLink 2090 Programmer All versions

CareLink 9790 Programmer All versions

References

https://global.medtronic.com/xg-en/product-security/secur...

https://ics-cert.us-cert.gov/advisories/ICSMA-18-347-01

http://www.securityfocus.com/bid/106215

vdb-entry

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2018
Vulnerability Reserved
Nov 6, 2018

JSON