Metrics
Affected Vendors & Products
Solution
Medtronic will release several rolling over-the-air product updates that will mitigate the vulnerabilities described within this advisory. These updates will be applied to devices automatically as part of standard, reoccurring update processes. In addition, Medtronic has increased security monitoring of affected devices and related infrastructure. Medtronic has released additional patient focused information, at the following location: https://www.medtronic.com/security
Workaround
Medtronic recommends users take additional defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should: * Maintain good physical controls over the home monitor as the best mitigation to these vulnerabilities. * Only use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system. * Report any concerning behavior regarding their home monitor to their healthcare provider or a Medtronic representative. Medtronic has released additional patient focused information, at the following location: https://www.medtronic.com/security
Thu, 22 May 2025 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system. | Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system. |
Title | Medtronic MyCareLink Patient Monitor Use of Hard-coded Password | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: icscert
Published:
Updated: 2025-05-22T18:10:03.426Z
Reserved: 2018-03-20T00:00:00
Link: CVE-2018-8870

No data.

Status : Modified
Published: 2018-07-03T01:29:01.940
Modified: 2025-05-22T19:15:22.237
Link: CVE-2018-8870

No data.

No data.