Vulnerabilities > Medtronic > High

DATE CVE VULNERABILITY TITLE RISK
2023-06-29 CVE-2023-31222 Deserialization of Untrusted Data vulnerability in Medtronic Paceart Optima
Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity.
network
low complexity
medtronic CWE-502
8.8
2019-11-08 CVE-2019-13539 Inadequate Encryption Strength vulnerability in Medtronic products
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing.
local
low complexity
medtronic CWE-326
7.2
2018-07-03 CVE-2018-8870 Use of Hard-coded Credentials vulnerability in Medtronic products
Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password.
local
low complexity
medtronic CWE-798
7.2