Description
Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.​
Published: 2026-05-07
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Medtronic MyCareLink Patient Monitor includes an internal serial interface that, when accessed through a UART terminal by anyone with physical proximity, presents a login prompt. This allows an attacker to bypass device authentication and potentially gain privileged control over the monitor’s functions, affecting patient data integrity and safety. The vulnerability is classified as a hardware debug access flaw (CWE-1263).

Affected Systems

The affected systems are Medtronic MyCareLink Patient Monitor models 24950 and 24952. No specific firmware or software version information is supplied.

Risk and Exploitability

The CVSS score of 6.8 indicates medium severity. EPSS data are not provided and the vulnerability is not listed in CISA KEV. The likely attack vector is physical access to the UART debug port; once accessed, the attacker can log in and potentially change settings or read sensitive data. While exploitation requires proximity, the impact on patient safety makes this a significant concern for installations that rely on these monitors.

Generated by OpenCVE AI on May 7, 2026 at 16:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Cover or disable the UART debug port to prevent physical access
  • Implement strict physical access controls to the monitor enclosure
  • Apply any vendor firmware updates that remove or secure the debug interface

Generated by OpenCVE AI on May 7, 2026 at 16:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Medtronic
Medtronic mycarelink Monitor 24950
Medtronic mycarelink Monitor 24952
Vendors & Products Medtronic
Medtronic mycarelink Monitor 24950
Medtronic mycarelink Monitor 24952

Thu, 07 May 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 07 May 2026 15:30:00 +0000

Type Values Removed Values Added
Description Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.​
Title Medtronic MyCareLink Patient Monitor Hardware Debug Port
Weaknesses CWE-1263
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Medtronic Mycarelink Monitor 24950 Mycarelink Monitor 24952
cve-icon MITRE

Status: PUBLISHED

Assigner: Medtronic

Published:

Updated: 2026-05-07T15:43:39.136Z

Reserved: 2025-05-06T16:28:04.304Z

Link: CVE-2025-4386

cve-icon Vulnrichment

Updated: 2026-05-07T15:43:34.910Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-07T16:16:17.287

Modified: 2026-06-17T09:33:09.963

Link: CVE-2025-4386

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T18:00:11Z

Weaknesses
  • CWE-1263

    Improper Physical Access Control