Description
The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer.
References (4)
Core 4
Core References
Third Party Advisory, US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01
Vendor Advisory
https://www.medtronic.com/security
Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/104213
Scores
CVSS v3
6.3
EPSS
0.0041
EPSS Percentile
32.6%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-693
Status
published
Products (2)
medtronic/n\'vision_8840_firmware
medtronic/n\'vision_8870_firmware
Published
Jul 13, 2018
Tracked Since
Feb 18, 2026