Vulnerabilities > Medtronic > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-01 | CVE-2023-25931 | Improper Authentication vulnerability in Medtronic Interstim X Clinician and Micro Clinician Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. | 6.8 |
| 2022-12-12 | CVE-2022-32537 | Unspecified vulnerability in Medtronic products A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. high complexity medtronic | 4.8 |
| 2019-11-08 | CVE-2019-13535 | Incorrect Permission Assignment for Critical Resource vulnerability in Medtronic products In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data. | 4.6 |
| 2019-11-08 | CVE-2019-13531 | Unspecified vulnerability in Medtronic products In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator. low complexity medtronic | 4.6 |
| 2019-03-26 | CVE-2019-6540 | Cleartext Transmission of Sensitive Information vulnerability in Medtronic products The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. | 6.5 |
| 2019-03-25 | CVE-2019-6538 | Missing Authorization vulnerability in Medtronic products The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. | 6.5 |
| 2018-12-14 | CVE-2018-18984 | Cleartext Storage of Sensitive Information vulnerability in Medtronic products Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions, The affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest PII and PHI. | 4.6 |
| 2018-08-13 | CVE-2018-10634 | Cleartext Transmission of Sensitive Information vulnerability in Medtronic products Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. | 5.3 |
| 2018-08-10 | CVE-2018-10626 | Insufficient Verification of Data Authenticity vulnerability in Medtronic products A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. | 4.4 |
| 2018-07-13 | CVE-2018-10631 | Protection Mechanism Failure vulnerability in Medtronic N'Vision 8840 Firmware and N'Vision 8870 Firmware Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. | 6.8 |