Sensitive Data Exposure in Medtronic CareLink Programmers
CVE-2018-18984

4.6MEDIUM

Key Information:

Vendor: Medtronic
Status: Carelink 9790 Programmer; Carelink 2090 Programmer; 29901 Encore Programmer
Vendor: CVE Published:; 14 December 2018

What is CVE-2018-18984?

The Medtronic CareLink 2090 Programmer, CareLink 9790 Programmer, and Encore Programmer 29901 are vulnerable due to insufficient encryption of sensitive information, including personally identifiable information (PII) and protected health information (PHI), while at rest. This vulnerability can lead to unauthorized access to sensitive data, raising significant privacy and security concerns for users and healthcare providers.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

29901 Encore Programmer All versions

CareLink 2090 Programmer All versions

CareLink 9790 Programmer All versions

References

https://global.medtronic.com/xg-en/product-security/secur...

https://ics-cert.us-cert.gov/advisories/ICSMA-18-347-01

http://www.securityfocus.com/bid/106215

vdb-entry

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 14, 2018
Vulnerability Reserved
Nov 6, 2018

JSON

Medtronic

What is CVE-2018-18984?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.