CVE-2019-6540

EPSS 0.2%
Veröffentlicht 26.03.2019 18:29:01
Zuletzt bearbeitet 22.05.2025 20:15:21
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Medtronic Conexus Radio Frequency Telemetry Protocol Cleartext Transmission of Sensitive Information

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

NVD 23 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Medtronic ≫ Mycarelink Monitor 24950 Firmware Version-

Medtronic ≫ Mycarelink Monitor 24950 Version-

Medtronic ≫ Mycarelink Monitor 24952 Firmware Version-

Medtronic ≫ Mycarelink Monitor 24952 Version-

Medtronic ≫ Carelink Monitor 2490c Firmware Version-

Medtronic ≫ Carelink Monitor 2490c Version-

Medtronic ≫ Carelink 2090 Firmware Version-

Medtronic ≫ Carelink 2090 Version-

Medtronic ≫ Amplia Crt-d Firmware Version-

Medtronic ≫ Amplia Crt-d Version-

Medtronic ≫ Claria Crt-d Firmware Version-

Medtronic ≫ Claria Crt-d Version-

Medtronic ≫ Compia Crt-d Firmware Version-

Medtronic ≫ Compia Crt-d Version-

Medtronic ≫ Concerto Crt-d Firmware Version-

Medtronic ≫ Concerto Crt-d Version-

Medtronic ≫ Concerto Ii Crt-d Firmware Version-

Medtronic ≫ Concerto Ii Crt-d Version-

Medtronic ≫ Consulta Crt-d Firmware Version-

Medtronic ≫ Consulta Crt-d Version-

Medtronic ≫ Evera Icd Firmware Version-

Medtronic ≫ Evera Icd Version-

Medtronic ≫ Maximo Ii Crt-d Firmware Version-

Medtronic ≫ Maximo Ii Crt-d Version-

Medtronic ≫ Maximo Ii Icd Firmware Version-

Medtronic ≫ Maximo Ii Icd Version-

Medtronic ≫ Mirro Icd Firmware Version-

Medtronic ≫ Mirro Icd Version-

Medtronic ≫ Nayamed Nd Icd Firmware Version-

Medtronic ≫ Nayamed Nd Icd Version-

Medtronic ≫ Primo Icd Firmware Version-

Medtronic ≫ Primo Icd Version-

Medtronic ≫ Protecta Icd Firmware Version-

Medtronic ≫ Protecta Icd Version-

Medtronic ≫ Protecta Crt-d Firmware Version-

Medtronic ≫ Protecta Crt-d Version-

Medtronic ≫ Secura Icd Firmware Version-

Medtronic ≫ Secura Icd Version-

Medtronic ≫ Virtuoso Icd Firmware Version-

Medtronic ≫ Virtuoso Icd Version-

Medtronic ≫ Virtuoso Ii Icd Firmware Version-

Medtronic ≫ Virtuoso Ii Icd Version-

Medtronic ≫ Visia Af Icd Firmware Version-

Medtronic ≫ Visia Af Icd Version-

Medtronic ≫ Viva Crt-d Firmware Version-

Medtronic ≫ Viva Crt-d Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.093

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	3.3	6.5	2.9	AV:A/AC:L/Au:N/C:P/I:N/A:N
ics-cert@hq.dhs.gov	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

http://www.securityfocus.com/bid/107544

Broken Link

https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2019-6540

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-6540

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-6540

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-6540