CVE-2018-18984 — MEDIUM (4.6)

Vulnerability Description

Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest .

CVSS Score

4.6

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Medtronic	Carelink 2090 Programmer Firmware	All versions
Medtronic	Carelink 2090 Programmer	-
Medtronic	Carelink 9790 Programmer Firmware	All versions
Medtronic	Carelink 9790 Programmer	-
Medtronic	29901 Encore Programmer Firmware	All versions
Medtronic	29901 Encore Programmer	-

Related Weaknesses (CWE)

CWE-312 CWE-311

References

http://www.securityfocus.com/bid/106215Third Party AdvisoryVDB Entry
https://global.medtronic.com/xg-en/product-security/security-bulletins/carelink-
https://ics-cert.us-cert.gov/advisories/ICSMA-18-347-01Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/106215Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-347-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2018-18984?

CVE-2018-18984 is a vulnerability with a CVSS score of 4.6 (MEDIUM). Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest .

How severe is CVE-2018-18984?

CVE-2018-18984 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-18984?

Check the references section above for vendor advisories and patch information. Affected products include: Medtronic Carelink 2090 Programmer Firmware, Medtronic Carelink 2090 Programmer, Medtronic Carelink 9790 Programmer Firmware, Medtronic Carelink 9790 Programmer, Medtronic 29901 Encore Programmer Firmware.