Filtered by vendor Medtronic
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25187 | 1 Medtronic | 2 Mycarelink Smart Model 25000, Mycarelink Smart Model 25000 Firmware | 2024-08-04 | 9.8 Critical |
| Medtronic MyCareLink Smart 25000 all versions are vulnerable when an attacker who gains auth runs a debug command, which is sent to the reader causing heap overflow in the MCL Smart Reader stack. A heap overflow allows attacker to remotely execute code on the MCL Smart Reader, could lead to control of device. | ||||
| CVE-2020-25183 | 1 Medtronic | 2 Mycarelink Smart Model 25000, Mycarelink Smart Model 25000 Firmware | 2024-08-04 | 8.8 High |
| Medtronic MyCareLink Smart 25000 all versions contain an authentication protocol vuln where the method used to auth between MCL Smart Patient Reader and MyCareLink Smart mobile app is vulnerable to bypass. This vuln allows attacker to use other mobile device or malicious app on smartphone to auth to the patient’s Smart Reader, fools the device into thinking its communicating with the actual smart phone application when executed in range of Bluetooth. | ||||
| CVE-2022-32537 | 1 Medtronic | 56 Guardian Link 2 Transmitter Mmt-7730, Guardian Link 2 Transmitter Mmt-7730 Firmware, Guardian Link 2 Transmitter Mmt-7731 and 53 more | 2024-08-03 | 4.8 Medium |
| A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance | ||||
| CVE-2023-31222 | 1 Medtronic | 1 Paceart Optima | 2024-08-02 | 9.8 Critical |
| Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity. | ||||
| CVE-2023-25931 | 1 Medtronic | 2 Interstim X Clinician, Micro Clinician | 2024-08-02 | 6.4 Medium |
| Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updating could potentially result in unauthorized control of the clinician therapy application, which has greater control over therapy parameters than the patient app. Changes still cannot be made outside of the established therapy parameters of the programmer. For unauthorized access to occur, an individual would need physical access to the Smart Programmer. | ||||