CVE-2018-10626
Medtronic MyCareLink 24950 Patient Monitor Insufficient Verification of Data Authenticity
Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An
attacker who obtains per-product credentials from the monitor and paired
implantable cardiac device information can potentially upload invalid
data to the Medtronic CareLink network.
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2018/icsma-18-219-01.jsonhttps://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-8-7-18.htmlhttps://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-219-01http://www.securityfocus.com/bid/105042