CVE-2018-8849

MEDIUM

Medtronic N'Vision - Info Disclosure

Title source: llm

Description

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest.

References (5)

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01

[Various Sources] https://www.medtronic.com/security

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/104213

[Third Party Advisory, US Government Resource] https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-137-01

[Vendor Advisory] http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf

Scores

CVSS v3 4.6

EPSS 0.0008

EPSS Percentile 24.1%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-311

Status published

Products (2)

medtronic/n\'vision_8840_firmware

medtronic/n\'vision_8870_firmware

Published May 18, 2018

Tracked Since Feb 18, 2026