CVE-2023-25931

MEDIUM

Medtronic Interstim X Clinician - Authentication Bypass

Title source: rule

Description

Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updating could potentially result in unauthorized control of the clinician therapy application, which has greater control over therapy parameters than the patient app. Changes still cannot be made outside of the established therapy parameters of the programmer. For unauthorized access to occur, an individual would need physical access to the Smart Programmer.

Scores

CVSS v3 6.4
EPSS 0.0013
EPSS Percentile 32.2%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-620 CWE-287
Status published
Products (2)
medtronic/interstim_x_clinician a51300
medtronic/micro_clinician a51200
Published Mar 01, 2023
Tracked Since Feb 18, 2026