CVE-2018-8849
Medtronic N'Vision Clinician Programmer Missing Encryption of Sensitive Data
Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest.
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Medtronic · 8870 N’Vision removable Application CardMedtronic · N'Vision Clinician ProgrammerWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-137-01https://www.medtronic.com/securityhttp://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdfhttp://www.securityfocus.com/bid/104213