CVE-2018-10631 - OpenCVE

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Ics Cert	Medtronic N Vision Clinician Programmer
Medtronic	N\'vision 8840 N\'vision 8840 Firmware N\'vision 8870 N\'vision 8870 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:medtronic:n\'vision_8840_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:n\'vision_8840:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:medtronic:n\'vision_8870_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:n\'vision_8870:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01
https://www.medtronic.com/security

History

Wed, 18 Sep 2024 08:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ics Cert Ics Cert medtronic N Vision Clinician Programmer
CPEs		cpe:2.3:a:ics_cert:medtronic_n_vision_clinician_programmer::::::::
Vendors & Products		Ics Cert Ics Cert medtronic N Vision Clinician Programmer
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Mon, 19 Aug 2024 20:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-284
Metrics		cvssV3_1 `{'score': 6.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2018-07-13T19:00:00Z

Updated: 2024-09-17T03:22:23.847Z

Reserved: 2018-05-01T00:00:00

Link: CVE-2018-10631

Vulnrichment

Updated: 2024-08-05T07:46:46.502Z

NVD

Status : Modified

Published: 2018-07-13T19:29:00.213

Modified: 2024-08-19T19:35:00.700

Link: CVE-2018-10631

Redhat

No data.

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object