CVE-2018-10631

MEDIUM

8840 Clinician Programmer - Code Injection

Title source: llm

Description

The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer.

References (4)

[Various Sources] https://global.medtronic.com/xg-en/product-security/security-bulletins/nvision.html

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01

[Vendor Advisory] https://www.medtronic.com/security

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/104213

Scores

CVSS v3 6.3

EPSS 0.0015

EPSS Percentile 35.6%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-693

Status published

Affected Products (2)

medtronic/n\'vision_8840_firmware

medtronic/n\'vision_8870_firmware

Timeline

Published Jul 13, 2018

Tracked Since Feb 18, 2026