Vulnerabilities > Medtronic > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-01 CVE-2023-25931 Improper Authentication vulnerability in Medtronic Interstim X Clinician and Micro Clinician
Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix.
low complexity
medtronic CWE-287
6.8
2022-12-12 CVE-2022-32537 Unspecified vulnerability in Medtronic products
A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components.
high complexity
medtronic
4.8
2020-12-14 CVE-2020-25183 Improper Authentication vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware
Medtronic MyCareLink Smart 25000 all versions contain an authentication protocol vuln where the method used to auth between MCL Smart Patient Reader and MyCareLink Smart mobile app is vulnerable to bypass.
low complexity
medtronic CWE-287
5.8
2019-11-08 CVE-2019-13543 Use of Hard-coded Credentials vulnerability in Medtronic products
Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials.
network
low complexity
medtronic CWE-798
5.0
2019-06-28 CVE-2019-10964 Incorrect Authorization vulnerability in Medtronic products
In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, Versions, MiniMed 508 pump – All versions, MiniMed Paradigm 511 pump – All versions, MiniMed Paradigm 512/712 pumps – All versions, MiniMed Paradigm 712E pump–All versions, MiniMed Paradigm 515/715 pumps–All versions, MiniMed Paradigm 522/722 pumps – All versions,MiniMed Paradigm 522K/722K pumps – All versions, MiniMed Paradigm 523/723 pumps – Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps – Software, versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps – Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only – Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices.
low complexity
medtronic CWE-863
5.8
2018-07-13 CVE-2018-10631 Protection Mechanism Failure vulnerability in Medtronic N'Vision 8840 Firmware and N'Vision 8870 Firmware
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions.
low complexity
medtronic CWE-693
6.8
2018-07-03 CVE-2018-8868 Unspecified vulnerability in Medtronic products
Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device.
local
medtronic
6.9
2018-07-03 CVE-2018-10596 Information Exposure vulnerability in Medtronic 2090 Carelink Programmer Firmware
Medtronic 2090 CareLink Programmer all versions The affected product uses a virtual private network connection to securely download updates.
low complexity
medtronic CWE-200
5.2
2011-09-02 CVE-2011-3386 Unspecified vulnerability in Medtronic Paradigm Wireless Insulin Pump
Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device's serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011.
network
high complexity
medtronic
4.0