QwikSec

Security Database

CVE

CWE

Training

CVE-2018-10626

Published: Aug 10, 2018

Modified: May 19, 2026

PUBLISHED

CVSS v3.1

4.4

MEDIUM

Description

Medtronic MyCareLink Patient Monitor’s update service does not sufficiently verify the authenticity of the data uploaded. An attacker who obtains per-product credentials from the monitor and paired implantable cardiac device information can potentially upload invalid data to the Medtronic CareLink network.

Vendor	Product	Versions
Medtronic	24950 MyCareLink Monitor	affected `All versions`
Medtronic	24952 MyCareLink Monitor	affected `All versions`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

http://www.securityfocus.com/bid/105042

vdb-entry

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-219-01

https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2018/icsma-18-219-01.json

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.