Details of VAR-201807-1690

ID

VAR-201807-1690

CVE

CVE-2018-8870

TITLE

24950 MyCareLink Monitor and 24952 MyCareLink Monitor Vulnerabilities related to the use of hard-coded credentials

Trust: 0.8

sources: JVNDB: JVNDB-2018-007256

DESCRIPTION

Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system. 24950 MyCareLink Monitor and 24952 MyCareLink Monitor Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. MyCareLinkPatientMonitor is a patient monitor product developed by Medtronic

Trust: 2.43

sources: NVD: CVE-2018-8870 // JVNDB: JVNDB-2018-007256 // CNVD: CNVD-2018-12412 // IVD: e2f5ef32-39ab-11e9-b3df-000c29342cb1 // VULHUB: VHN-138902

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2f5ef32-39ab-11e9-b3df-000c29342cb1 // CNVD: CNVD-2018-12412

AFFECTED PRODUCTS

vendor:	medtronic	model:	24950 mycarelink monitor	scope:	eq	version:	-	Trust: 1.6
vendor:	medtronic	model:	24952 mycarelink monitor	scope:	eq	version:	-	Trust: 1.6
vendor:	medtronic	model:	24950 mycarelink monitor	scope:	-	version:	-	Trust: 0.8
vendor:	medtronic	model:	24952 mycarelink monitor	scope:	-	version:	-	Trust: 0.8
vendor:	medtronic	model:	mycarelink patient monitor	scope:	eq	version:	24950	Trust: 0.6
vendor:	medtronic	model:	mycarelink patient monitor	scope:	eq	version:	24952	Trust: 0.6
vendor:	24950 mycarelink monitor	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	24952 mycarelink monitor	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: e2f5ef32-39ab-11e9-b3df-000c29342cb1 // CNVD: CNVD-2018-12412 // JVNDB: JVNDB-2018-007256 // CNNVD: CNNVD-201807-181 // NVD: CVE-2018-8870

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-8870
value:	MEDIUM
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2018-8870
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-8870
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-12412
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201807-181
value:	MEDIUM
Trust: 0.6
IVD:	e2f5ef32-39ab-11e9-b3df-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-138902
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-8870
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-12412
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f5ef32-39ab-11e9-b3df-000c29342cb1
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.2
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-138902
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-8870
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.0
Trust: 1.8
ics-cert@hq.dhs.gov:	CVE-2018-8870
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.5
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: IVD: e2f5ef32-39ab-11e9-b3df-000c29342cb1 // CNVD: CNVD-2018-12412 // VULHUB: VHN-138902 // JVNDB: JVNDB-2018-007256 // CNNVD: CNNVD-201807-181 // NVD: CVE-2018-8870 // NVD: CVE-2018-8870

PROBLEMTYPE DATA

problemtype:	CWE-798	Trust: 1.9
problemtype:	CWE-259	Trust: 1.0

sources: VULHUB: VHN-138902 // JVNDB: JVNDB-2018-007256 // NVD: CVE-2018-8870

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201807-181

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201807-181

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007256

PATCH

title:

MyCareLink Patient Monitor

url:

https://www.medtronic.com/uk-en/patients/treatments-therapies/fainting-heart-monitor/mycarelink-patient-monitor.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-007256

EXTERNAL IDS

db:	NVD	id:	CVE-2018-8870	Trust: 3.3
db:	ICS CERT	id:	ICSMA-18-179-01	Trust: 3.1
db:	CNNVD	id:	CNNVD-201807-181	Trust: 0.9
db:	CNVD	id:	CNVD-2018-12412	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-007256	Trust: 0.8
db:	IVD	id:	E2F5EF32-39AB-11E9-B3DF-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-138902	Trust: 0.1

sources: IVD: e2f5ef32-39ab-11e9-b3df-000c29342cb1 // CNVD: CNVD-2018-12412 // VULHUB: VHN-138902 // JVNDB: JVNDB-2018-007256 // CNNVD: CNNVD-201807-181 // NVD: CVE-2018-8870

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsma-18-179-01	Trust: 3.1
url:	https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-6-28-18.html	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8870	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-8870	Trust: 0.8

sources: CNVD: CNVD-2018-12412 // VULHUB: VHN-138902 // JVNDB: JVNDB-2018-007256 // CNNVD: CNNVD-201807-181 // NVD: CVE-2018-8870

SOURCES

db:	IVD	id:	e2f5ef32-39ab-11e9-b3df-000c29342cb1
db:	CNVD	id:	CNVD-2018-12412
db:	VULHUB	id:	VHN-138902
db:	JVNDB	id:	JVNDB-2018-007256
db:	CNNVD	id:	CNNVD-201807-181
db:	NVD	id:	CVE-2018-8870

LAST UPDATE DATE

2025-05-23T23:00:43.474000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-12412	date:	2018-07-02T00:00:00
db:	VULHUB	id:	VHN-138902	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-007256	date:	2018-09-12T00:00:00
db:	CNNVD	id:	CNNVD-201807-181	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-8870	date:	2025-05-22T19:15:22.237

SOURCES RELEASE DATE

db:	IVD	id:	e2f5ef32-39ab-11e9-b3df-000c29342cb1	date:	2018-07-02T00:00:00
db:	CNVD	id:	CNVD-2018-12412	date:	2018-07-02T00:00:00
db:	VULHUB	id:	VHN-138902	date:	2018-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-007256	date:	2018-09-12T00:00:00
db:	CNNVD	id:	CNNVD-201807-181	date:	2018-07-04T00:00:00
db:	NVD	id:	CVE-2018-8870	date:	2018-07-03T01:29:01.940