ID

VAR-201805-1110


CVE

CVE-2018-5446


TITLE

Medtronic 2090 CareLink Programmer vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-004578

DESCRIPTION

Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format. Medtronic 2090 CareLink Programmer is a portable computer product made by the American company Medtronic. It is used in the medical industry to manage and program cardiac devices. An attacker could exploit this vulnerability to obtain credentials for a software deployment network.

Trust: 1.71

sources: NVD: CVE-2018-5446 // JVNDB: JVNDB-2018-004578 // VULHUB: VHN-135477

AFFECTED PRODUCTS

vendor: medtronic, model: 2090 carelink programmer, scope: -, version: -

Trust: 1.4

vendor: medtronic, model: 2090 carelink programmer, scope: eq, version: *

Trust: 1.0

sources: JVNDB: JVNDB-2018-004578 // CNNVD: CNNVD-201803-770 // NVD: CVE-2018-5446

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5446
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2018-5446
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-5446
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201803-770
value: MEDIUM

Trust: 0.6

VULHUB: VHN-135477
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-5446
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-135477
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5446
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 4.0
version: 3.0

Trust: 1.8

ics-cert@hq.dhs.gov: CVE-2018-5446
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.5
impactScore: 4.0
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-135477 // JVNDB: JVNDB-2018-004578 // CNNVD: CNNVD-201803-770 // NVD: CVE-2018-5446 // NVD: CVE-2018-5446

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-257

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-135477 // JVNDB: JVNDB-2018-004578 // NVD: CVE-2018-5446

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201803-770

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201803-770

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004578

PATCH

title: Top Page, url: http://www.medtronic.com/us-en/index.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-004578

EXTERNAL IDS

db: NVD, id: CVE-2018-5446

Trust: 2.5

db: ICS CERT, id: ICSMA-18-058-01

Trust: 2.5

db: JVNDB, id: JVNDB-2018-004578

Trust: 0.8

db: CNNVD, id: CNNVD-201803-770

Trust: 0.7

db: AUSCERT, id: ESB-2018.0582.2

Trust: 0.6

db: VULHUB, id: VHN-135477

Trust: 0.1

sources: VULHUB: VHN-135477 // JVNDB: JVNDB-2018-004578 // CNNVD: CNNVD-201803-770 // NVD: CVE-2018-5446

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsma-18-058-01

Trust: 3.1

url:https://global.medtronic.com/xg-en/product-security/security-bulletins/carelink-2090-29901.html

Trust: 1.0

url:https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-058-01

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5446

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-5446

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2018.0582.2/

Trust: 0.6

url:https://www.us-cert.gov/ics/advisories/icsma-18-058-01

Trust: 0.6

sources: VULHUB: VHN-135477 // JVNDB: JVNDB-2018-004578 // CNNVD: CNNVD-201803-770 // NVD: CVE-2018-5446

SOURCES

db: VULHUB, id: VHN-135477
db: JVNDB, id: JVNDB-2018-004578
db: CNNVD, id: CNNVD-201803-770
db: NVD, id: CVE-2018-5446

LAST UPDATE DATE

2025-05-23T23:07:18.433000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-135477, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2018-004578, date: 2018-06-25T00:00:00
db: CNNVD, id: CNNVD-201803-770, date: 2020-02-25T00:00:00
db: NVD, id: CVE-2018-5446, date: 2025-05-22T18:15:22.840

SOURCES RELEASE DATE

db: VULHUB, id: VHN-135477, date: 2018-05-04T00:00:00
db: JVNDB, id: JVNDB-2018-004578, date: 2018-06-25T00:00:00
db: CNNVD, id: CNNVD-201803-770, date: 2018-03-22T00:00:00
db: NVD, id: CVE-2018-5446, date: 2018-05-04T18:29:00.523