Description
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.
References (2)
Core 2
Core References
Various Sources
https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-6-28-18.html
Third Party Advisory, US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01
Scores
CVSS v3
6.4
EPSS
0.0036
EPSS Percentile
27.8%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-259
CWE-798
Status
published
Products (2)
medtronic/24950_mycarelink_monitor_firmware
medtronic/24952_mycarelink_monitor_firmware
Published
Jul 03, 2018
Tracked Since
Feb 18, 2026