CVE-2018-8849

Published: May 18, 2018Modified: Jun 27, 2025

4.6

Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.9 / Impact: 3.6

Source: NVD

Description

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest.

Affected (2)

Products: Medtronic: N'vision 8840 Firmware, N'vision 8870 Firmware

Medtronic

2 products

N'vision 8840 Firmware

N'vision 8870 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Medtronic N'vision 8840 Firmware	All versions

Running on/with	Platform Versions
Medtronic N'vision 8840	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Medtronic N'vision 8870 Firmware	All versions

Running on/with	Platform Versions
Medtronic N'vision 8870	All versions

Related CWEs

CWE-311

Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

References (7)

http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf

Source: ics-cert@hq.dhs.gov

Vendor Advisory

http://www.securityfocus.com/bid/104213

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-137-01

Source: ics-cert@hq.dhs.gov

https://www.medtronic.com/security

Source: ics-cert@hq.dhs.gov

http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/104213

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.