{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "24950 MyCareLink Monitor", "vendor": "Medtronic", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unaffected", "product": "24952 MyCareLink Monitor", "vendor": "Medtronic", "versions": [ { "status": "affected", "version": "All versions" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Peter Morgan of Clever Security reported this vulnerability" } ], "datePublic": "2018-06-29T06:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.
" } ], "value": "Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-259", "description": "CWE-259", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-05-22T18:10:03.426Z" }, "references": [ { "url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-6-28-18.html" }, { "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Medtronic has released additional patient focused information, at the following location:
https://www.medtronic.com/security
\n\nMedtronic recommends users take additional defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Medtronic has released additional patient focused information, at the following location:
https://www.medtronic.com/security
\n\n