← back
CVE-2018-8870

Medtronic MyCareLink Patient Monitor Use of Hard-coded Password

CVSS 6.4 MEDIUMEPSS 0.4%CWE-259
Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Medtronic · 24950 MyCareLink MonitorMedtronic · 24952 MyCareLink Monitor

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-6-28-18.htmlhttps://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01