Lucene search

[email protected]NVD:CVE-2019-6538

HistoryMar 25, 2019 - 10:29 p.m.

CVE-2019-6538

2019-03-2522:29:00

CWE-862

CWE-306

CWE-284

[email protected]

web.nvd.nist.gov

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

31.0%

JSON

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product’s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device.

Affected configurations

Nvd

Node

medtronicmycarelink_monitor_firmwareMatch24950

medtronicmycarelink_monitor_firmwareMatch24952

AND

medtronicmycarelink_monitorMatch-

Node

medtroniccarelink_monitor_firmwareMatch2490c

AND

medtroniccarelink_monitorMatch-

Node

medtroniccarelink_2090_firmwareMatch-

AND

medtroniccarelink_2090Match-

Node

medtronicamplia_crt-d_firmwareMatch-

AND

medtronicamplia_crt-dMatch-

Node

medtronicclaria_crt-d_firmwareMatch-

AND

medtronicclaria_crt-dMatch-

Node

medtroniccompia_crt-d_firmwareMatch-

AND

medtroniccompia_crt-dMatch-

Node

medtronicconcerto_crt-d_firmwareMatch-

AND

medtronicconcerto_crt-dMatch-

Node

medtronicconcerto_ii_crt-d_firmwareMatch-

AND

medtronicconcerto_ii_crt-dMatch-

Node

medtronicconsulta_crt-d_firmwareMatch-

AND

medtronicconsulta_crt-dMatch-

Node

medtronicevera_icd_firmwareMatch-

AND

medtronicevera_icdMatch-

Node

medtronicmaximo_ii_crt-d_and_lcd_firmwareMatch-

AND

medtronicmaximo_ii_crt-d_and_lcdMatch-

Node

medtronicmirro_icd_firmwareMatch-

AND

medtronicmirro_icdMatch-

Node

medtronicnayamed_nd_icd_firmwareMatch-

AND

medtronicnayamed_nd_icdMatch-

Node

medtronicprimo_icd_firmwareMatch-

AND

medtronicprimo_icdMatch-

Node

medtronicprotecta_icd_and_crt-d_firmwareMatch-

AND

medtronicprotecta_icd_and_crt-dMatch-

Node

medtronicsecura_icd_firmwareMatch-

AND

medtronicsecura_icdMatch-

Node

medtronicvirtuoso_icd_firmwareMatch-

AND

medtronicvirtuoso_icdMatch-

Node

medtronicvirtuoso_ii_icd_firmwareMatch-

AND

medtronicvirtuoso_ii_icdMatch-

Node

medtronicvisia_af_icd_firmwareMatch-

AND

medtronicvisia_af_icdMatch-

Node

medtronicviva_crt-d_firmwareMatch-

AND

medtronicviva_crt-dMatch-

VendorProductVersionCPE
medtronicmycarelink_monitor_firmware24950cpe:2.3:o:medtronic:mycarelink_monitor_firmware:24950:*:*:*:*:*:*:*
medtronicmycarelink_monitor_firmware24952cpe:2.3:o:medtronic:mycarelink_monitor_firmware:24952:*:*:*:*:*:*:*
medtronicmycarelink_monitor-cpe:2.3:h:medtronic:mycarelink_monitor:-:*:*:*:*:*:*:*
medtroniccarelink_monitor_firmware2490ccpe:2.3:o:medtronic:carelink_monitor_firmware:2490c:*:*:*:*:*:*:*
medtroniccarelink_monitor-cpe:2.3:h:medtronic:carelink_monitor:-:*:*:*:*:*:*:*
medtroniccarelink_2090_firmware-cpe:2.3:o:medtronic:carelink_2090_firmware:-:*:*:*:*:*:*:*
medtroniccarelink_2090-cpe:2.3:h:medtronic:carelink_2090:-:*:*:*:*:*:*:*
medtronicamplia_crt-d_firmware-cpe:2.3:o:medtronic:amplia_crt-d_firmware:-:*:*:*:*:*:*:*
medtronicamplia_crt-d-cpe:2.3:h:medtronic:amplia_crt-d:-:*:*:*:*:*:*:*
medtronicclaria_crt-d_firmware-cpe:2.3:o:medtronic:claria_crt-d_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
medtronic	mycarelink_monitor_firmware	24950	cpe:2.3:o:medtronic:mycarelink_monitor_firmware:24950:::::::*
medtronic	mycarelink_monitor_firmware	24952	cpe:2.3:o:medtronic:mycarelink_monitor_firmware:24952:::::::*
medtronic	mycarelink_monitor	-	cpe:2.3:h:medtronic:mycarelink_monitor:-:::::::*
medtronic	carelink_monitor_firmware	2490c	cpe:2.3:o:medtronic:carelink_monitor_firmware:2490c:::::::*
medtronic	carelink_monitor	-	cpe:2.3:h:medtronic:carelink_monitor:-:::::::*
medtronic	carelink_2090_firmware	-	cpe:2.3:o:medtronic:carelink_2090_firmware:-:::::::*
medtronic	carelink_2090	-	cpe:2.3:h:medtronic:carelink_2090:-:::::::*
medtronic	amplia_crt-d_firmware	-	cpe:2.3:o:medtronic:amplia_crt-d_firmware:-:::::::*
medtronic	amplia_crt-d	-	cpe:2.3:h:medtronic:amplia_crt-d:-:::::::*
medtronic	claria_crt-d_firmware	-	cpe:2.3:o:medtronic:claria_crt-d_firmware:-:::::::*

Rows per page:

1-10 of 411

References

www.securityfocus.com/bid/107544

ics-cert.us-cert.gov/advisories/ICSMA-19-080-01

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:L/Au:N/C:N/I:P/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

31.0%

JSON

Related for NVD:CVE-2019-6538

cvelist1 cve1 prion1 thn1 ics1 threatpost2