Medtronic: >> Mycarelink 24950 Patient Monitor Firmware Security Vulnerabilities
Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest.
CVSS Score
7.1
EPSS Score
0.001
Published
2018-08-10
Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network.
CVSS Score
4.4
EPSS Score
0.0
Published
2018-08-10