Sign-up

ID

VAR-201807-0328


CVE

CVE-2018-10631


TITLE

Medtronic 8840 N'Vision Clinician Programmer and 8870 N'Vision removable Application Card Vulnerability in protection mechanism

Trust: 0.8

sources: JVNDB: JVNDB-2018-007971

DESCRIPTION

The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer. Medtronic 8840 N'Vision Clinician Programmer and 8870 N'Vision removable Application Card Contains a vulnerability related to failure of the protection mechanism.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. 8870 N\'\'Vision removable Application Card is a flash memory card

Trust: 1.8

sources: NVD: CVE-2018-10631 // JVNDB: JVNDB-2018-007971 // VULHUB: VHN-120410 // VULMON: CVE-2018-10631

AFFECTED PRODUCTS

vendor:medtronicmodel:n\'vision 8840scope:eqversion: -

Trust: 1.6

vendor:medtronicmodel:n\'vision 8870scope:eqversion: -

Trust: 1.6

vendor:medtronicmodel:8840 n’vision clinician programmerscope: - version: -

Trust: 0.8

vendor:medtronicmodel:8870 n’vision removable application cardscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2018-007971 // CNNVD: CNNVD-201807-1161 // NVD: CVE-2018-10631

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10631
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2018-10631
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-10631
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201807-1161
value: MEDIUM

Trust: 0.6

VULHUB: VHN-120410
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-10631
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-10631
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-120410
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-10631
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

ics-cert@hq.dhs.gov: CVE-2018-10631
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.4
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-120410 // VULMON: CVE-2018-10631 // JVNDB: JVNDB-2018-007971 // CNNVD: CNNVD-201807-1161 // NVD: CVE-2018-10631 // NVD: CVE-2018-10631

PROBLEMTYPE DATA

problemtype:CWE-693

Trust: 1.9

sources: VULHUB: VHN-120410 // JVNDB: JVNDB-2018-007971 // NVD: CVE-2018-10631

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-1161

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201807-1161

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-007971

PATCH
title:Security at Medtronicurl:http://www.medtronic.com/us-en/product-security.html?utm_source=medtronic_com_security_vanity_url&utm_medium=printordigital&utm_campaign=security_generic_vanity_url_FY17&cmpid=vanity_url_security_printordigital_FY17
Trust: 0.8
title:N’Vision 8840 Physician Programmerurl:http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-007971

EXTERNAL IDS
db:NVDid:CVE-2018-10631
Trust: 2.6
db:ICS CERTid:ICSMA-18-137-01
Trust: 2.6
db:BIDid:104213
Trust: 1.0
db:JVNDBid:JVNDB-2018-007971
Trust: 0.8
db:CNNVDid:CNNVD-201807-1161
Trust: 0.7
db:VULHUBid:VHN-120410
Trust: 0.1
db:VULMONid:CVE-2018-10631
Trust: 0.1
sources:
            
            
            VULHUB: VHN-120410 // 
            
            
            
            VULMON: CVE-2018-10631 // 
            
            
            
            JVNDB: JVNDB-2018-007971 // 
            
            
            
            CNNVD: CNNVD-201807-1161 // 
            
            
            
            NVD: CVE-2018-10631

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsma-18-137-01
Trust: 2.7
url:https://www.medtronic.com/security
Trust: 1.8
url:https://global.medtronic.com/xg-en/product-security/security-bulletins/nvision.html
Trust: 1.0
url:http://www.securityfocus.com/bid/104213
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10631
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-10631
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/693.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULHUB: VHN-120410 // 
            
            
            
            VULMON: CVE-2018-10631 // 
            
            
            
            JVNDB: JVNDB-2018-007971 // 
            
            
            
            CNNVD: CNNVD-201807-1161 // 
            
            
            
            NVD: CVE-2018-10631

SOURCES
db:VULHUBid:VHN-120410
db:VULMONid:CVE-2018-10631
db:JVNDBid:JVNDB-2018-007971
db:CNNVDid:CNNVD-201807-1161
db:NVDid:CVE-2018-10631

LAST UPDATE DATE
2025-08-26T23:22:55.337000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-120410date:2019-10-09T00:00:00
db:VULMONid:CVE-2018-10631date:2019-10-09T00:00:00
db:JVNDBid:JVNDB-2018-007971date:2018-10-03T00:00:00
db:CNNVDid:CNNVD-201807-1161date:2019-10-17T00:00:00
db:NVDid:CVE-2018-10631date:2025-08-26T15:15:38.060

SOURCES RELEASE DATE
db:VULHUBid:VHN-120410date:2018-07-13T00:00:00
db:VULMONid:CVE-2018-10631date:2018-07-13T00:00:00
db:JVNDBid:JVNDB-2018-007971date:2018-10-03T00:00:00
db:CNNVDid:CNNVD-201807-1161date:2018-07-13T00:00:00
db:NVDid:CVE-2018-10631date:2018-07-13T19:29:00.213