7.1
CVE-2018-10622
- EPSS 0.36%
- Veröffentlicht 10.08.2018 18:29:00
- Zuletzt bearbeitet 22.06.2026 21:16:22
- Quelle security@medtronic.com
- CVE-Watchlists
- Unerledigt
LoginMedtronic MyCareLink 24950 Patient Monitor Storing Passwords in a Recoverable Format
Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.278 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 0.5 | 6 |
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
|
| nvd@nist.gov | 1.9 | 3.4 | 2.9 |
AV:L/AC:M/Au:N/C:P/I:N/A:N
|
| security@medtronic.com | 5.2 | 0.9 | 4.2 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
|
CWE-313 Cleartext Storage in a File or on Disk
The product stores sensitive information in cleartext in a file, or on disk.
CWE-522 Insufficiently Protected Credentials
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
http://www.securityfocus.com/bid/105042
https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01
https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-8-7-18.html
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-219-01
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2018/icsma-18-219-01.json