CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-25187

Medtronic MyCareLink Smart 25000 is vulnerable when an authenticated attacker runs a debug command, which can be sent to the patient reader and cause a heap overflow event within the MCL Smart Patient Reader software stack. The heap overflow could allow an attacker to remotely execute code on the MCL Smart Patient Reader, potentially leading to control of the device

Exploit prediction scoring system (EPSS) score

EPSS Score 0.009

EPSS Ranking 74.7%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 10.0

References

https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-smart-security-vulnerability-patch.html
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-20-345-01
https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01

Products affected by CVE-2020-25187

Medtronic » Mycarelink Smart Model 25000 » Version: N/A

cpe:2.3:h:medtronic:mycarelink_smart_model_25000:-
Medtronic » Mycarelink Smart Model 25000 Firmware » Version: N/A

cpe:2.3:o:medtronic:mycarelink_smart_model_25000_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-25187

Products

Pricing

Contact Us