Vulnerability Description
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can exploit other vulnerabilities to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Medtronic | 24950 Mycarelink Monitor Firmware | - |
| Medtronic | 24950 Mycarelink Monitor | - |
| Medtronic | 24952 Mycarelink Monitor Firmware | - |
| Medtronic | 24952 Mycarelink Monitor | - |
Related Weaknesses (CWE)
References
- https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelin
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01Third Party AdvisoryUS Government Resource
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-8868?
CVE-2018-8868 is a vulnerability with a CVSS score of 6.2 (MEDIUM). Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monit...
How severe is CVE-2018-8868?
CVE-2018-8868 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-8868?
Check the references section above for vendor advisories and patch information. Affected products include: Medtronic 24950 Mycarelink Monitor Firmware, Medtronic 24950 Mycarelink Monitor, Medtronic 24952 Mycarelink Monitor Firmware, Medtronic 24952 Mycarelink Monitor.