Vulnerabilities > Medtronic > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-01 | CVE-2023-25931 | Improper Authentication vulnerability in Medtronic Interstim X Clinician and Micro Clinician Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. | 6.8 |
| 2022-12-12 | CVE-2022-32537 | Unspecified vulnerability in Medtronic products A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. high complexity medtronic | 4.8 |
| 2019-11-08 | CVE-2019-13535 | Incorrect Permission Assignment for Critical Resource vulnerability in Medtronic products In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data. | 4.6 |
| 2019-11-08 | CVE-2019-13531 | Unspecified vulnerability in Medtronic products In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator. low complexity medtronic | 4.6 |
| 2019-03-26 | CVE-2019-6540 | Cleartext Transmission of Sensitive Information vulnerability in Medtronic products The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. | 6.5 |
| 2019-03-25 | CVE-2019-6538 | Missing Authorization vulnerability in Medtronic products The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. | 6.5 |
| 2018-12-14 | CVE-2018-18984 | Cleartext Storage of Sensitive Information vulnerability in Medtronic products Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest . | 4.6 |
| 2018-08-13 | CVE-2018-10634 | Cleartext Transmission of Sensitive Information vulnerability in Medtronic products Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. | 5.3 |
| 2018-08-10 | CVE-2018-10626 | Insufficient Verification of Data Authenticity vulnerability in Medtronic products Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. | 4.4 |
| 2018-07-13 | CVE-2018-10631 | Missing Encryption of Sensitive Data vulnerability in Medtronic N'Vision 8840 Firmware and N'Vision 8870 Firmware Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer and 8870 N'Vision removable application card does not encrypt PII and PHI while at rest. | 6.8 |