CVE-2020-25187
HIGH
Medtronic Mycarelink Smart Model 25000 Firmware - Out-of-Bounds Write
Title source: rule
Description
Medtronic MyCareLink Smart 25000 is vulnerable when an authenticated attacker runs a debug command, which can be sent to the patient reader and cause a heap overflow event within the MCL Smart Patient Reader software stack. The heap overflow could allow an attacker to remotely execute code on the MCL Smart Patient Reader, potentially leading to control of the device.
References (3)
Core References
Various Sources x_refsource_misc
https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-smart-security-vulnerability-patch.html
Third Party Advisory, US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-20-345-01
Scores
CVSS v3
8.8
EPSS
0.0127
EPSS Percentile
79.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-122
CWE-787
Status
published
Products (1)
medtronic/mycarelink_smart_model_25000_firmware
Published
Dec 14, 2020
Tracked Since
Feb 18, 2026