CVE-2019-6540

Published: 26/03/2019 Updated: 03/11/2021
CVSS v2 Base Score: 3.3 | Impact Score: 2.9 | Exploitability Score: 6.5
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 294
Vector: AV:A/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data.

Vulnerable Product

medtronic mycarelink_monitor_24950_firmware -

medtronic mycarelink_monitor_24952_firmware -

medtronic carelink_monitor_2490c_firmware -

medtronic carelink_2090_firmware -

medtronic amplia_crt-d_firmware -

medtronic claria_crt-d_firmware -

medtronic compia_crt-d_firmware -

medtronic concerto_crt-d_firmware -

medtronic concerto_ii_crt-d_firmware -

medtronic consulta_crt-d_firmware -

medtronic evera_icd_firmware -

medtronic maximo_ii_crt-d_firmware -

medtronic maximo_ii_icd_firmware -

medtronic mirro_icd_firmware -

medtronic nayamed_nd_icd_firmware -

medtronic primo_icd_firmware -

medtronic protecta_icd_firmware -

medtronic protecta_crt-d_firmware -

medtronic secura_icd_firmware -

medtronic virtuoso_icd_firmware -

medtronic virtuoso_ii_icd_firmware -

medtronic visia_af_icd_firmware -

medtronic viva_crt-d_firmware -

Recent Articles

Don't have a heart attack but your implanted defibrillator can be hacked over the air (by someone who really wants you dead)
The Register • Shaun Nichols in San Francisco • 22 Mar 2019

US govt sounds alarm over wireless comms, caveats apply

Medical gear maker Medtronic is once again at the center of a hacker panic storm. This time, a number of its heart defibrillators, implanted in patients' chests, can, in certain circumstances, be wirelessly hijacked and reprogrammed, perhaps to lethal effect. On Thursday, the US government's Dept of Homeland Security issued an alert over two CVE-listed vulnerabilities in Medtronic's wireless communications system Conexus, which is used by some of its heart defibrillators and their control units....