CVE-2018-10622

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:medtronic:mycarelink_24952_patient_monitor_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:mycarelink_24952_patient_monitor:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:medtronic:mycarelink_24950_patient_monitor_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:mycarelink_24950_patient_monitor:-:*:*:*:*:*:*:*

History

22 May 2025, 16:15

Type Values Removed Values Added
CVSS v2 : 1.9
v3 : 7.1
v2 : 1.9
v3 : 4.9
References
  • () https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-8-7-18.html -
Summary (en) A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest. (en) Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest.

21 Nov 2024, 03:41

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/105042 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/105042 - Third Party Advisory, VDB Entry
References () https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01 - Third Party Advisory, US Government Resource () https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01 - Third Party Advisory, US Government Resource

Information

Published : 2018-08-10 18:29

Updated : 2025-05-22 16:15


NVD link : CVE-2018-10622

Mitre link : CVE-2018-10622

CVE.ORG link : CVE-2018-10622


JSON object : View

Products Affected

medtronic

  • mycarelink_24952_patient_monitor_firmware
  • mycarelink_24950_patient_monitor
  • mycarelink_24952_patient_monitor
  • mycarelink_24950_patient_monitor_firmware
CWE
CWE-257

Storing Passwords in a Recoverable Format

CWE-522

Insufficiently Protected Credentials