CVE-2018-8870 Vulnerability Details

  /     /     /  

CVE-2018-8870 Metadata Quick Info

CVE Published: 02/07/2018 | CVE Updated: 16/09/2024 | CVE Year: 2018
Source: icscert | Vendor: ICS-CERT | Product: Medtronic MyCareLink Patient Monitor
Status : PUBLISHED

---

CVE-2018-8870 Description

Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-259
CWE Name: USE OF HARD-CODED PASSWORD CWE-259
Source: ICS-CERT

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).