CVE-2018-8849 - OpenCVE

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at rest.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Medtronic	N\'vision 8840 N\'vision 8840 Firmware N\'vision 8870 N\'vision 8870 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:medtronic:n\'vision_8840_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:n\'vision_8840:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:medtronic:n\'vision_8870_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:n\'vision_8870:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf
http://www.securityfocus.com/bid/104213
https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2018-05-18T13:00:00Z

Updated: 2024-09-16T18:24:34.593Z

Reserved: 2018-03-20T00:00:00

Link: CVE-2018-8849

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-05-18T13:29:00.427

Modified: 2019-10-09T23:42:56.927

Link: CVE-2018-8849

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "N'Vision Clinician Programmer", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "8840 N'Vision Clinician Programmer, all versions"}, {"status": "affected", "version": "8870 N'Vision removable Application Card, all versions"}]}], "datePublic": "2018-05-17T00:00:00", "descriptions": [{"lang": "en", "value": "Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at rest."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-311", "description": "MISSING ENCRYPTION OF SENSITIVE DATA CWE-311", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-05-19T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "104213", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104213"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-05-17T00:00:00", "ID": "CVE-2018-8849", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "N'Vision Clinician Programmer", "version": {"version_data": [{"version_value": "8840 N'Vision Clinician Programmer, all versions"}, {"version_value": "8870 N'Vision removable Application Card, all versions"}]}}]}, "vendor_name": "Medtronic"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at rest."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "MISSING ENCRYPTION OF SENSITIVE DATA CWE-311"}]}]}, "references": {"reference_data": [{"name": "104213", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104213"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01"}, {"name": "http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf", "refsource": "CONFIRM", "url": "http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:10:45.899Z"}, "title": "CVE Program Container", "references": [{"name": "104213", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104213"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-8849", "datePublished": "2018-05-18T13:00:00Z", "dateReserved": "2018-03-20T00:00:00", "dateUpdated": "2024-09-16T18:24:34.593Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:n\\'vision_8840_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0CDE1DCE-A7D1-415B-8B50-CEC490D250DA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:n\\'vision_8840:-:*:*:*:*:*:*:*", "matchCriteriaId": "C8999A64-FA2F-48B6-8EE2-35DC311CBEB4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:n\\'vision_8870_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "568A12CA-DAB3-4797-8223-DC74FA4E8492", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:n\\'vision_8870:-:*:*:*:*:*:*:*", "matchCriteriaId": "40349019-CB0F-490B-A767-64E0C38F0E33", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at rest."}, {"lang": "es", "value": "Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, en todas las versiones, y 8870 N'Vision removable Application Card, en todas las versiones, no cifran PII y PHI mientras est\u00e1n en reposo."}], "id": "CVE-2018-8849", "lastModified": "2019-10-09T23:42:56.927", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-18T13:29:00.427", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104213"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-311"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-311"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}