← back
CVE-2023-31222

Medtronic Paceart MSMQ Deserialization of Untrusted Data

CVSS 9.8 CRITICALEPSS 25.8%CWE-502
Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Medtronic · Paceart Optima

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://global.medtronic.com/xg-en/product-security/security-bulletins/paceart-optima-system.html