CVE-2018-10622

MEDIUM

Medtronic MyCareLink Patient Monitor - Info Disclosure

Title source: llm

Description

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest.

References (3)

[Various Sources] https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-8-7-18.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/105042

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01

Scores

CVSS v3 4.9

EPSS 0.0006

EPSS Percentile 18.5%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Classification

CWE

CWE-522 CWE-257

Status published

Affected Products (2)

medtronic/mycarelink_24952_patient_monitor_firmware

medtronic/mycarelink_24950_patient_monitor_firmware

Timeline

Published Aug 10, 2018

Tracked Since Feb 18, 2026