CVE-2018-8870

Published: Jul 3, 2018Modified: May 22, 2025

6.8

Vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.

Affected (2)

Products: Medtronic: 24950 Mycarelink Monitor Firmware, 24952 Mycarelink Monitor Firmware

2 products

24950 Mycarelink Monitor Firmware

24952 Mycarelink Monitor Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Medtronic 24950 Mycarelink Monitor Firmware	All versions

Running on/with	Platform Versions
Medtronic 24950 Mycarelink Monitor	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Medtronic 24952 Mycarelink Monitor Firmware	All versions

Running on/with	Platform Versions
Medtronic 24952 Mycarelink Monitor	All versions

Related CWEs

Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (3)

https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-6-28-18.html

Source: ics-cert@hq.dhs.gov

https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.