PT-2018-14753 · Medtronic · Medtronic 2090 Carelink Programmer+2

Billy Rios

Published

2018-12-14

Updated

2020-09-18

CVE-2018-18984

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Medtronic CareLink 2090 Programmer versions (all versions) Medtronic CareLink 9790 Programmer versions (all versions) Medtronic Encore Programmer version 29901

Description The issue concerns the insufficient encryption of sensitive information, including personally identifiable information (PII) and protected health information (PHI), when the data is at rest.

Recommendations For Medtronic CareLink 2090 Programmer, consider implementing additional encryption measures to protect sensitive data. For Medtronic CareLink 9790 Programmer, consider implementing additional encryption measures to protect sensitive data. For Medtronic Encore Programmer version 29901, consider implementing additional encryption measures to protect sensitive data.

Fix

Missing Encryption of Sensitive Data

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311CWE-312

Related Identifiers

CVE-2018-18984

Affected Products

Medtronic 2090 Carelink Programmer

Medtronic Carelink 9790 Programmer

Medtronic Encore Programmer

PT-2018-14753 · Medtronic · Medtronic 2090 Carelink Programmer+2

CVE-2018-18984

Weakness Enumeration

Related Identifiers

Affected Products

References · 4