Vulnerabilities > Medtronic
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-28 | CVE-2019-10964 | Improper Access Control vulnerability in Medtronic products Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. | 8.8 |
| 2019-03-26 | CVE-2019-6540 | Cleartext Transmission of Sensitive Information vulnerability in Medtronic products The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. | 6.5 |
| 2019-03-25 | CVE-2019-6538 | Missing Authorization vulnerability in Medtronic products The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. | 6.5 |
| 2018-12-14 | CVE-2018-18984 | Cleartext Storage of Sensitive Information vulnerability in Medtronic products Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest . | 4.6 |
| 2018-08-13 | CVE-2018-10634 | Cleartext Transmission of Sensitive Information vulnerability in Medtronic products Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. | 5.3 |
| 2018-08-10 | CVE-2018-10626 | Insufficient Verification of Data Authenticity vulnerability in Medtronic products Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. | 4.4 |
| 2018-08-10 | CVE-2018-10622 | Insufficiently Protected Credentials vulnerability in Medtronic products Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. | 7.1 |
| 2018-07-13 | CVE-2018-10631 | Missing Encryption of Sensitive Data vulnerability in Medtronic N'Vision 8840 Firmware and N'Vision 8870 Firmware Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer and 8870 N'Vision removable application card does not encrypt PII and PHI while at rest. | 6.8 |
| 2018-07-03 | CVE-2018-8870 | Use of Hard-coded Credentials vulnerability in Medtronic products Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. | 6.8 |
| 2018-07-03 | CVE-2018-8868 | Unspecified vulnerability in Medtronic products Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. high complexity medtronic | 6.4 |