Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An \nattacker who obtains per-product credentials from the monitor and paired\n implantable cardiac device information can potentially upload invalid \ndata to the Medtronic CareLink network.\n\n
"}]}],"references":[{"url":"https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-8-7-18.html","name":"105042"},{"url":"http://www.securityfocus.com/bid/105042","tags":["vdb-entry"]},{"url":"https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-219-01"},{"url":"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2018/icsma-18-219-01.json"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"ADJACENT_NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseSeverity":"MEDIUM","baseScore":4.4,"vectorString":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"}}],"workarounds":[{"lang":"en","value":"Medtronic has made server-side updates to address this insufficient \nverification vulnerability. Medtronic is \nimplementing additional server-side mitigations to enhance data \nintegrity and authenticity.","supportingMedia":[{"type":"text/html","base64":false,"value":"Medtronic has made server-side updates to address this insufficient \nverification vulnerability. Medtronic is \nimplementing additional server-side mitigations to enhance data \nintegrity and authenticity."}]},{"lang":"en","value":"Medtronic recommends users take additional defensive measures to minimize the risk of exploitation. Specifically, users should:\n\n\n * Maintain good physical control over the home monitor.\n * Only use home monitors obtained directly from their healthcare \nprovider or a Medtronic representative to ensure integrity of the \nsystem.","supportingMedia":[{"type":"text/html","base64":false,"value":"Medtronic recommends users take additional defensive measures to minimize the risk of exploitation. Specifically, users should:
\nMedtronic has released additional patient focused information, at the following location:
\nhttps://www.medtronic.com/security
"}]},{"lang":"en","value":"Users should follow CISA's guidance in the following areas:\n\n* Securing the Internet of Things https://www.cisa.gov/news-events/news/securing-internet-things-iot \n\n* Home Network Security https://www.cisa.gov/news-events/news/home-network-security","supportingMedia":[{"type":"text/html","base64":false,"value":"Users should follow CISA's guidance in the following areas: