CVE-2018-10631

The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.3 MEDIUM
PHYSICAL
HIGH
NONE
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
medtronicn\'vision_8840_firmware
-
medtronicn\'vision_8870_firmware
-
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
ics_certmedtronic_n_vision_clinician_programmer
8840_n_vision_clinician_programmer ≤
𝑥
≤ *
ADP
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/104213
https://global.medtronic.com/xg-en/product-security/security-bulletins/nvision.html
https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01
https://www.medtronic.com/security
https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01
https://www.medtronic.com/security