CVE-2018-18984 Information

Description

Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer all versions The affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest PII and PHI.

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/106215 https://ics-cert.us-cert.gov/advisories/ICSMA-18-347-01

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

4.6