CVE-2023-25931 — MEDIUM (6.4)

Vulnerability Description

Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updating could potentially result in unauthorized control of the clinician therapy application, which has greater control over therapy parameters than the patient app. Changes still cannot be made outside of the established therapy parameters of the programmer. For unauthorized access to occur, an individual would need physical access to the Smart Programmer.

CVSS Score

6.4

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Medtronic	Interstim X Clinician	a51300
Medtronic	Micro Clinician	a51200

Related Weaknesses (CWE)

CWE-287 CWE-620

References

https://global.medtronic.com/xg-en/product-security/security-bulletins/pelvic-heVendor Advisory
https://global.medtronic.com/xg-en/product-security/security-bulletins/pelvic-heVendor Advisory

FAQ

What is CVE-2023-25931?

CVE-2023-25931 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updatin...

How severe is CVE-2023-25931?

CVE-2023-25931 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-25931?

Check the references section above for vendor advisories and patch information. Affected products include: Medtronic Interstim X Clinician, Medtronic Micro Clinician.