CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-27252

Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.7%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 9.3

References

https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-smart-security-vulnerability-patch.html
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-20-345-01
https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01

Products affected by CVE-2020-27252

Medtronic » Mycarelink Smart Model 25000 » Version: N/A

cpe:2.3:h:medtronic:mycarelink_smart_model_25000:-
Medtronic » Mycarelink Smart Model 25000 Firmware » Version: N/A

cpe:2.3:o:medtronic:mycarelink_smart_model_25000_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-27252

Products

Pricing

Contact Us