CVE-2018-10622

A vulnerability was discovered in all versions of Medtronic MyCareLink 24950 and 24952 Patient Monitor. The affected products use per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication and encryption of local data at rest.
References
Link Resource
http://www.securityfocus.com/bid/105042 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:medtronic:mycarelink_24952_patient_monitor_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:mycarelink_24952_patient_monitor:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:medtronic:mycarelink_24950_patient_monitor_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:mycarelink_24950_patient_monitor:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-08-10 18:29

Updated : 2024-02-28 16:48


NVD link : CVE-2018-10622

Mitre link : CVE-2018-10622

CVE.ORG link : CVE-2018-10622


JSON object : View

Products Affected

medtronic

  • mycarelink_24952_patient_monitor
  • mycarelink_24952_patient_monitor_firmware
  • mycarelink_24950_patient_monitor_firmware
  • mycarelink_24950_patient_monitor
CWE
CWE-522

Insufficiently Protected Credentials

CWE-257

Storing Passwords in a Recoverable Format