CVE-2018-10631

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions. The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer.
References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01 Third Party Advisory US Government Resource
https://www.medtronic.com/security Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01 Third Party Advisory US Government Resource
https://www.medtronic.com/security Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:medtronic:n\'vision_8840_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:n\'vision_8840:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:medtronic:n\'vision_8870_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:n\'vision_8870:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:41

Type Values Removed Values Added
References () https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01 - Third Party Advisory, US Government Resource () https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01 - Third Party Advisory, US Government Resource
References () https://www.medtronic.com/security - Vendor Advisory () https://www.medtronic.com/security - Vendor Advisory

19 Aug 2024, 19:35

Type Values Removed Values Added
CVSS v2 : 4.6
v3 : 6.8
v2 : 4.6
v3 : 6.6
CWE CWE-284

Information

Published : 2018-07-13 19:29

Updated : 2024-11-21 03:41


NVD link : CVE-2018-10631

Mitre link : CVE-2018-10631

CVE.ORG link : CVE-2018-10631


JSON object : View

Products Affected

medtronic

  • n\'vision_8870_firmware
  • n\'vision_8870
  • n\'vision_8840
  • n\'vision_8840_firmware
CWE
CWE-693

Protection Mechanism Failure

CWE-284

Improper Access Control