Description
Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.​
Published: 2026-05-07
Score: 6.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Medtronic MyCareLink Patient Monitor includes an internal serial interface that, when accessed through a UART terminal by anyone with physical proximity, presents a login prompt. This allows an attacker to bypass device authentication and potentially gain privileged control over the monitor’s functions, affecting patient data integrity and safety. The vulnerability is classified as a hardware debug access flaw (CWE-1263).

Affected Systems

The affected systems are Medtronic MyCareLink Patient Monitor models 24950 and 24952. No specific firmware or software version information is supplied.

Risk and Exploitability

The CVSS score of 6.8 indicates medium severity. EPSS data are not provided and the vulnerability is not listed in CISA KEV. The likely attack vector is physical access to the UART debug port; once accessed, the attacker can log in and potentially change settings or read sensitive data. While exploitation requires proximity, the impact on patient safety makes this a significant concern for installations that rely on these monitors.

Generated by OpenCVE AI on May 7, 2026 at 16:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Cover or disable the UART debug port to prevent physical access
  • Implement strict physical access controls to the monitor enclosure
  • Apply any vendor firmware updates that remove or secure the debug interface

Generated by OpenCVE AI on May 7, 2026 at 16:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 07 May 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 07 May 2026 15:30:00 +0000

Type Values Removed Values Added
Description Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.​
Title Medtronic MyCareLink Patient Monitor Hardware Debug Port
Weaknesses CWE-1263
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Medtronic

Published:

Updated: 2026-05-07T15:43:39.136Z

Reserved: 2025-05-06T16:28:04.304Z

Link: CVE-2025-4386

cve-icon Vulnrichment

Updated: 2026-05-07T15:43:34.910Z

cve-icon NVD

Status : Received

Published: 2026-05-07T16:16:17.287

Modified: 2026-05-07T16:16:17.287

Link: CVE-2025-4386

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-07T16:30:15Z

Weaknesses