CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-8870

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 25.5%

CVSS Severity

CVSS v3 Score 6.8

CVSS v2 Score 7.2

References

https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-6-28-18.html
https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01
https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01

Products affected by CVE-2018-8870

Medtronic » 24950 Mycarelink Monitor » Version: N/A

cpe:2.3:h:medtronic:24950_mycarelink_monitor:-
Medtronic » 24952 Mycarelink Monitor » Version: N/A

cpe:2.3:h:medtronic:24952_mycarelink_monitor:-
Medtronic » 24950 Mycarelink Monitor Firmware » Version: N/A

cpe:2.3:o:medtronic:24950_mycarelink_monitor_firmware:-
Medtronic » 24952 Mycarelink Monitor Firmware » Version: N/A

cpe:2.3:o:medtronic:24952_mycarelink_monitor_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-8870

Products

Pricing

Contact Us