CVE-2023-25931

Published: Mar 1, 2023

Modified: Mar 7, 2025

PUBLISHED

CVSS v3.1

6.4

MEDIUM

Description

Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Not updating could potentially result in unauthorized control of the clinician therapy application, which has greater control over therapy parameters than the patient app. Changes still cannot be made outside of the established therapy parameters of the programmer. For unauthorized access to occur, an individual would need physical access to the Smart Programmer.

Vendor	Product	Versions
Medtronic	InsterStim Applications	affected `Micro Clinician - < A51200` affected `InterStim X Clinician - < A51300`

Weaknesses (CWE)

CWE-620

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

References

https://global.medtronic.com/xg-en/product-security/security-bulletins/pelvic-health-interstim-micro.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-25931

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References