PT-2018-10017 · Medtronic · Medtronic N'Vision Removable Application Card 8870+1
Billy Rios
+1
·
Published
2018-07-13
·
Updated
2025-08-26
·
CVE-2018-10631
CVSS v3.1
6.6
Medium
| Vector | AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Medtronic N'Vision Clinician Programmer 8840, all versions
Medtronic N'Vision removable Application Card 8870, all versions
Description
The issue concerns the execution of application programs from the 8870 Application Card by the 8840 Clinician Programmer. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the card's contents, including binary executables. If the malicious code is designed to bypass protection mechanisms, it will be executed when the card is inserted into an 8840 Clinician Programmer.
Recommendations
For Medtronic N'Vision Clinician Programmer 8840, all versions: Restrict physical access to the 8870 Application Card to prevent modification of its contents.
For Medtronic N'Vision removable Application Card 8870, all versions: Avoid using modified or unverified Application Cards with the 8840 Clinician Programmer to minimize the risk of executing malicious code.
Fix
Missing Encryption of Sensitive Data
Protection Mechanism Failure
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Medtronic N'Vision Clinician Programmer 8840
Medtronic N'Vision Removable Application Card 8870