{"containers": {"cna": {"affected": [{"product": "Medtronic N'Vision Clinician Programmer", "vendor": "ICS-CERT", "versions": [{"status": "affected", "version": "8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions."}]}], "descriptions": [{"lang": "en", "value": "Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-693", "description": "PROTECTION MECHANISM FAILURE CWE-693", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-16T14:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01"}, {"tags": ["x_refsource_MISC"], "url": "https://www.medtronic.com/security"}], "x_ConverterErrors": {"DATE_PUBLIC": {"error": "v4 DATE_PUBLIC is invalid", "message": "month must be in 1..12"}}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2017-50-17T00:00:00", "ID": "CVE-2018-10631", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Medtronic N'Vision Clinician Programmer", "version": {"version_data": [{"version_value": "8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions."}]}}]}, "vendor_name": "ICS-CERT"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "PROTECTION MECHANISM FAILURE CWE-693"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01"}, {"name": "https://www.medtronic.com/security", "refsource": "MISC", "url": "https://www.medtronic.com/security"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:46:46.502Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.medtronic.com/security"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "affected": [{"vendor": "ics_cert", "product": "medtronic_n_vision_clinician_programmer", "cpes": ["cpe:2.3:a:ics_cert:medtronic_n_vision_clinician_programmer:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "8840_n_vision_clinician_programmer", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}, {"version": "8870_n_vision_removable_application_card", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-19T18:07:51.945413Z", "id": "CVE-2018-10631", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-19T18:26:09.940Z"}}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-10631", "dateReserved": "2018-05-01T00:00:00", "dateUpdated": "2024-09-17T03:22:23.847Z", "state": "PUBLISHED", "datePublished": "2018-07-13T19:00:00Z"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://www.medtronic.com/security", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:46:46.502Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2018-10631", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-19T18:07:51.945413Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ics_cert:medtronic_n_vision_clinician_programmer:*:*:*:*:*:*:*:*"], "vendor": "ics_cert", "product": "medtronic_n_vision_clinician_programmer", "versions": [{"status": "affected", "version": "8840_n_vision_clinician_programmer", "versionType": "custom", "lessThanOrEqual": "*"}, {"status": "affected", "version": "8870_n_vision_removable_application_card"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-19T18:17:20.071Z"}}], "cna": {"affected": [{"vendor": "ICS-CERT", "product": "Medtronic N'Vision Clinician Programmer", "versions": [{"status": "affected", "version": "8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions."}]}], "references": [{"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01", "tags": ["x_refsource_MISC"]}, {"url": "https://www.medtronic.com/security", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-693", "description": "PROTECTION MECHANISM FAILURE CWE-693"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2018-07-16T14:57:01"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions."}]}, "product_name": "Medtronic N'Vision Clinician Programmer"}]}, "vendor_name": "ICS-CERT"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01", "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01", "refsource": "MISC"}, {"url": "https://www.medtronic.com/security", "name": "https://www.medtronic.com/security", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "PROTECTION MECHANISM FAILURE CWE-693"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-10631", "STATE": "PUBLIC", "ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2017-50-17T00:00:00"}}, "x_ConverterErrors": {"DATE_PUBLIC": {"error": "v4 DATE_PUBLIC is invalid", "message": "month must be in 1..12"}}}}, "cveMetadata": {"cveId": "CVE-2018-10631", "state": "PUBLISHED", "dateUpdated": "2024-09-17T03:22:23.847Z", "dateReserved": "2018-05-01T00:00:00", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2018-07-13T19:00:00Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:n\\'vision_8840_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CDE1DCE-A7D1-415B-8B50-CEC490D250DA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:n\\'vision_8840:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8999A64-FA2F-48B6-8EE2-35DC311CBEB4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:n\\'vision_8870_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "568A12CA-DAB3-4797-8223-DC74FA4E8492", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:n\\'vision_8870:-:*:*:*:*:*:*:*", "matchCriteriaId": "40349019-CB0F-490B-A767-64E0C38F0E33", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer."}, {"lang": "es", "value": "Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, en todas las versiones, y 8870 N'Vision Application Card extra\u00edble, en todas las versiones. 8840 Clinician Programmer ejecuta el programa de la aplicaci\u00f3n desde la Application Card 8870. Un atacante con acceso f\u00edsico a la Application Card 8870 y la suficiente capacidad t\u00e9cnica puede modificar el contenido de esta tarjeta, incluyendo los ejecutables binarios. Si se modifica para omitir los mecanismos de protecci\u00f3n, este c\u00f3digo malicioso se ejecutar\u00e1 cuando la tarjeta se inserta en un 8840 Clinician Programmer."}], "id": "CVE-2018-10631", "lastModified": "2024-11-21T03:41:41.970", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2018-07-13T19:29:00.213", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "https://www.medtronic.com/security"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.medtronic.com/security"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-693"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-693"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}