Description
Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.
Exploits (1)
References (3)
Core 3
Core References
Various Sources x_refsource_misc
https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-smart-security-vulnerability-patch.html
Third Party Advisory, US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-20-345-01
Scores
CVSS v3
8.8
EPSS
0.0060
EPSS Percentile
69.5%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Details
CWE
CWE-367
Status
published
Products (1)
medtronic/mycarelink_smart_model_25000_firmware
Published
Dec 14, 2020
Tracked Since
Feb 18, 2026