Vulnerabilities > Medtronic > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-03-01 CVE-2023-25931 Improper Authentication vulnerability in Medtronic Interstim X Clinician and Micro Clinician
Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix.
low complexity
medtronic CWE-287
6.8
2022-12-12 CVE-2022-32537 Unspecified vulnerability in Medtronic products
A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components.
high complexity
medtronic
4.8
2019-11-08 CVE-2019-13535 Incorrect Permission Assignment for Critical Resource vulnerability in Medtronic products
In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism does not apply read protection, allowing for full read access of the RFID security mechanism data.
low complexity
medtronic CWE-732
4.6
2019-11-08 CVE-2019-13531 Unspecified vulnerability in Medtronic products
In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator.
low complexity
medtronic
4.6
2019-03-26 CVE-2019-6540 Cleartext Transmission of Sensitive Information vulnerability in Medtronic products
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption.
low complexity
medtronic CWE-319
6.5
2019-03-25 CVE-2019-6538 Missing Authorization vulnerability in Medtronic products
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization.
low complexity
medtronic CWE-862
6.5
2018-12-14 CVE-2018-18984 Cleartext Storage of Sensitive Information vulnerability in Medtronic products
Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions, The affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest PII and PHI.
low complexity
medtronic CWE-312
4.6
2018-08-13 CVE-2018-10634 Cleartext Transmission of Sensitive Information vulnerability in Medtronic products
Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext.
high complexity
medtronic CWE-319
5.3
2018-08-10 CVE-2018-10626 Insufficient Verification of Data Authenticity vulnerability in Medtronic products
A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor.
high complexity
medtronic CWE-345
4.4
2018-07-13 CVE-2018-10631 Protection Mechanism Failure vulnerability in Medtronic N'Vision 8840 Firmware and N'Vision 8870 Firmware
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions.
low complexity
medtronic CWE-693
6.8