{ "containers": { "cna": { "providerMetadata": { "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2026-05-19T14:32:21.570Z" }, "title": "Medtronic MyCareLink 24950 Patient Monitor Insufficient Verification of Data Authenticity", "datePublic": "2018-08-07T06:00:00.000Z", "problemTypes": [ { "descriptions": [ { "lang": "en", "cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity", "type": "CWE" } ] } ], "affected": [ { "vendor": "Medtronic", "product": "24950 MyCareLink Monitor", "versions": [ { "status": "affected", "version": "All versions" } ], "defaultStatus": "unaffected" }, { "vendor": "Medtronic", "product": "24952 MyCareLink Monitor", "versions": [ { "status": "affected", "version": "All versions" } ], "defaultStatus": "unaffected" } ], "descriptions": [ { "lang": "en", "value": "Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An \nattacker who obtains per-product credentials from the monitor and paired\n implantable cardiac device information can potentially upload invalid \ndata to the Medtronic CareLink network.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "
Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An \nattacker who obtains per-product credentials from the monitor and paired\n implantable cardiac device information can potentially upload invalid \ndata to the Medtronic CareLink network.\n\n
" } ] } ], "references": [ { "url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-8-7-18.html", "name": "105042" }, { "url": "http://www.securityfocus.com/bid/105042", "tags": [ "vdb-entry" ] }, { "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-219-01" }, { "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2018/icsma-18-219-01.json" } ], "metrics": [ { "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ], "cvssV3_1": { "version": "3.1", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N" } } ], "workarounds": [ { "lang": "en", "value": "Medtronic has made server-side updates to address this insufficient \nverification vulnerability. Medtronic is \nimplementing additional server-side mitigations to enhance data \nintegrity and authenticity.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Medtronic has made server-side updates to address this insufficient \nverification vulnerability. Medtronic is \nimplementing additional server-side mitigations to enhance data \nintegrity and authenticity." } ] }, { "lang": "en", "value": "Medtronic recommends users take additional defensive measures to minimize the risk of exploitation. Specifically, users should:\n\n\n * Maintain good physical control over the home monitor.\n * Only use home monitors obtained directly from their healthcare \nprovider or a Medtronic representative to ensure integrity of the \nsystem.", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Medtronic recommends users take additional defensive measures to minimize the risk of exploitation. Specifically, users should:
\nMedtronic has released additional patient focused information, at the following location:
\nhttps://www.medtronic.com/security
" } ] }, { "lang": "en", "value": "Users should follow CISA's guidance in the following areas:\n\n* Securing the Internet of Things https://www.cisa.gov/news-events/news/securing-internet-things-iot \n\n* Home Network Security https://www.cisa.gov/news-events/news/home-network-security", "supportingMedia": [ { "type": "text/html", "base64": false, "value": "Users should follow CISA's guidance in the following areas: