VYPR
Vendor

Medtronic

Products
45
CVEs
35
Across products
62
Status
Private

Products

45
View all 45 products →

Recent CVEs

35
View all 35 CVEs →
  • CVE-2018-10596HigJul 3, 2018
    risk 0.46cvss 7.1epss 0.01

    Medtronic 2090 CareLink Programmer uses a virtual private network connection to securely download updates. It does not verify it is still connected to this virtual private network before downloading updates. The affected products initially establish an encapsulated IP-based…

  • CVE-2025-4397MedMay 7, 2026
    risk 0.44cvss 6.8epss 0.00

    Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials to modify encrypted drive data.

  • CVE-2025-4386MedMay 7, 2026
    risk 0.44cvss 6.8epss 0.00

    Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal.​

  • CVE-2025-4395MedJul 24, 2025
    risk 0.44cvss 6.8epss 0.00

    Medtronic MyCareLink Patient Monitor has a built-in user account with an empty password, which allows an attacker with physical access to log in with no password and access modify system functionality. This issue affects MyCareLink Patient Monitor models 24950 and 24952:…

  • CVE-2025-4394MedJul 24, 2025
    risk 0.44cvss 6.8epss 0.00

    Medtronic MyCareLink Patient Monitor uses an unencrypted filesystem on internal storage, which allows an attacker with physical access to read and modify files. This issue affects MyCareLink Patient Monitor models 24950 and 24952: before June 25, 2025

  • CVE-2025-4393MedJul 24, 2025
    risk 0.42cvss 6.5epss 0.00

    Medtronic MyCareLink Patient Monitor has an internal service that deserializes data, which allows a local attacker to interact with the service by crafting a binary payload to crash the service or elevate privileges. This issue affects MyCareLink Patient Monitor models 24950…

  • CVE-2018-8870MedJul 3, 2018
    risk 0.42cvss 6.4epss 0.00

    Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains a hard-coded operating system password. An attacker with physical access can remove the case of the device, connect to the debug port, and use the password to gain privileged access to the operating system.

  • CVE-2018-10631MedJul 13, 2018
    risk 0.41cvss 6.3epss 0.00

    The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to…

  • CVE-2018-8868MedJul 3, 2018
    risk 0.40cvss 6.2epss 0.00

    Medtronic 24950 MyCareLink Monitor and 24952 MyCareLink Monitor contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the…

  • CVE-2018-14781MedAug 13, 2018
    risk 0.35cvss 5.3epss 0.01

    Medtronic MiniMed MMT devices when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller…

  • CVE-2018-10622MedAug 10, 2018
    risk 0.34cvss 5.2epss 0.00

    Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication.

  • CVE-2018-5446MedMay 4, 2018
    risk 0.32cvss 4.9epss 0.00

    Medtronic 2090 CareLink Programmer uses a per-product username and password that is stored in a recoverable format.

  • CVE-2022-32537MedDec 12, 2022
    risk 0.31cvss 4.8epss 0.00

    A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and…

  • CVE-2018-10634MedAug 13, 2018
    risk 0.31cvss 4.8epss 0.00

    Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.

  • CVE-2018-5448MedMay 4, 2018
    risk 0.31cvss 4.8epss 0.01

    Medtronic 2090 CareLink Programmer’s software deployment network contains a directory traversal vulnerability that could allow an attacker to read files on the system.

  • CVE-2018-8849MedMay 18, 2018
    risk 0.30cvss 4.6epss 0.00

    Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest.

  • CVE-2018-10626MedAug 10, 2018
    risk 0.29cvss 4.4epss 0.00

    Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data…

  • CVE-2023-31222Jun 29, 2023
    risk 0.02cvss epss 0.28

    Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be…

  • CVE-2025-12997Dec 4, 2025
    risk 0.00cvss epss 0.00

    Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects…

  • CVE-2025-12996Dec 4, 2025
    risk 0.00cvss epss 0.00

    Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025.