CareLink 2090 Programmer
by Medtronic
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-10596 | Hig | 0.46 | 7.1 | 0.01 | Jul 3, 2018 | Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initially establish an encapsulated IP-based… | ||
| CVE-2018-5446 | Med | 0.32 | 4.9 | 0.00 | May 4, 2018 | Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format. | ||
| CVE-2018-5448 | Med | 0.31 | 4.8 | 0.01 | May 4, 2018 | Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system. | ||
| CVE-2019-6540 | 0.00 | — | 0.00 | Mar 26, 2019 | The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D… | |||
| CVE-2019-6538 | 0.00 | — | 0.01 | Mar 25, 2019 | The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D… | |||
| CVE-2018-18984 | 0.00 | — | 0.00 | Dec 14, 2018 | Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest . |
- risk 0.46cvss 7.1epss 0.01
Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initially establish an encapsulated IP-based…
- risk 0.32cvss 4.9epss 0.00
Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format.
- risk 0.31cvss 4.8epss 0.01
Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system.
- CVE-2019-6540Mar 26, 2019risk 0.00cvss —epss 0.00
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D…
- CVE-2019-6538Mar 25, 2019risk 0.00cvss —epss 0.01
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D…
- CVE-2018-18984Dec 14, 2018risk 0.00cvss —epss 0.00
Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest .