Medtronic: >> Mycarelink 24950 Patient Monitor Firmware Security Vulnerabilities
Medtronic MyCareLink Patient Monitor uses per-product credentials that
are stored in a recoverable format. An attacker can use these
credentials to modify encrypted drive data.
CVSS Score
7.1
EPSS Score
0.001
Published
2018-08-10
Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An
attacker who obtains per-product credentials from the monitor and paired
implantable cardiac device information can potentially upload invalid
data to the Medtronic CareLink network.
CVSS Score
4.4
EPSS Score
0.001
Published
2018-08-10