Vulnerabilities > Medtronic > High

DATE CVE VULNERABILITY TITLE RISK
2023-06-29 CVE-2023-31222 Deserialization of Untrusted Data vulnerability in Medtronic Paceart Optima 1.11
Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity.
network, low complexity, medtronic, CWE-502, 8.8

2020-12-14 CVE-2020-27252 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware
Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader.
network, high complexity, medtronic, CWE-367, 8.1

2020-12-14 CVE-2020-25183 Improper Authentication vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware
Medtronic MyCareLink Smart 25000 contains an authentication protocol vulnerability where the method used to authenticate between the MCL Smart Patient Reader and the Medtronic MyCareLink Smart mobile app is vulnerable to bypass.
low complexity, medtronic, CWE-287, 8.8

2019-11-08 CVE-2019-13543 Use of Hard-coded Credentials vulnerability in Medtronic products
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials.
network, low complexity, medtronic, CWE-798, 7.5

2019-11-08 CVE-2019-13539 Inadequate Encryption Strength vulnerability in Medtronic products
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use the descrypt algorithm for OS password hashing.
local, low complexity, medtronic, CWE-326, 7.8

2019-06-28 CVE-2019-10964 Improper Access Control vulnerability in Medtronic products
Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices.
low complexity, medtronic, CWE-284, 8.8

2018-08-10 CVE-2018-10622 Insufficiently Protected Credentials vulnerability in Medtronic products
Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format.
high complexity, medtronic, CWE-522, 7.1

2018-07-03 CVE-2018-10596 Information Exposure vulnerability in Medtronic 2090 Carelink Programmer Firmware
Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates.
low complexity, medtronic, CWE-200, 8.0