Vulnerabilities > Medtronic

DATE CVE VULNERABILITY TITLE RISK
2019-06-28 CVE-2019-10964 Incorrect Authorization vulnerability in Medtronic products
In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, Versions, MiniMed 508 pump – All versions, MiniMed Paradigm 511 pump – All versions, MiniMed Paradigm 512/712 pumps – All versions, MiniMed Paradigm 712E pump–All versions, MiniMed Paradigm 515/715 pumps–All versions, MiniMed Paradigm 522/722 pumps – All versions,MiniMed Paradigm 522K/722K pumps – All versions, MiniMed Paradigm 523/723 pumps – Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps – Software, versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps – Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only – Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices.
low complexity
medtronic CWE-863
5.8
5.8
2019-03-26 CVE-2019-6540 Cleartext Transmission of Sensitive Information vulnerability in Medtronic products
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption.
low complexity
medtronic CWE-319
3.3
3.3
2019-03-25 CVE-2019-6538 Improper Access Control vulnerability in Medtronic products
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization.
low complexity
medtronic CWE-284
3.3
3.3
2018-12-14 CVE-2018-18984 Cryptographic Issues vulnerability in Medtronic products
Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions, The affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest PII and PHI.
local
low complexity
medtronic CWE-310
2.1
2.1
2018-08-13 CVE-2018-10634 Cleartext Transmission of Sensitive Information vulnerability in Medtronic products
Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. 		2.9
2.9
2018-08-10 CVE-2018-10626 Insufficient Verification of Data Authenticity vulnerability in Medtronic products
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. 		3.8
3.8
2018-08-10 CVE-2018-10622 Insufficiently Protected Credentials vulnerability in Medtronic products
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. 		1.9
1.9
2018-07-13 CVE-2018-10631 Protection Mechanism Failure vulnerability in Medtronic N'Vision 8840 Firmware and N'Vision 8870 Firmware
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions.
local
low complexity
medtronic CWE-693
4.6
4.6
2018-07-03 CVE-2018-8870 Use of Hard-coded Credentials vulnerability in Medtronic products
Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password.
local
low complexity
medtronic CWE-798
7.2
7.2
2018-07-03 CVE-2018-8868 Unspecified vulnerability in Medtronic products
Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device.
local
medtronic
6.9
6.9