Description
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest.
References (5)
Core 5
Core References
Third Party Advisory, US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01
Various Sources
https://www.medtronic.com/security
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/104213
Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-137-01
Vendor Advisory x_refsource_confirm
http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf
Scores
CVSS v3
4.6
EPSS
0.0033
EPSS Percentile
24.6%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-311
Status
published
Products (2)
medtronic/n\'vision_8840_firmware
medtronic/n\'vision_8870_firmware
Published
May 18, 2018
Tracked Since
Feb 18, 2026