CVE-2018-10631

{"id": "CVE-2018-10631", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}], "cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}]}, "published": "2018-07-13T19:29:00.213", "references": [{"url": "http://www.securityfocus.com/bid/104213", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/nvision.html", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.medtronic.com/security", "tags": ["Vendor Advisory"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.medtronic.com/security", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-311"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-693"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer and 8870 N'Vision removable application card does not encrypt PII and PHI while at rest."}, {"lang": "es", "value": "Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, en todas las versiones, y 8870 N'Vision Application Card extra\u00edble, en todas las versiones. 8840 Clinician Programmer ejecuta el programa de la aplicaci\u00f3n desde la Application Card 8870. Un atacante con acceso f\u00edsico a la Application Card 8870 y la suficiente capacidad t\u00e9cnica puede modificar el contenido de esta tarjeta, incluyendo los ejecutables binarios. Si se modifica para omitir los mecanismos de protecci\u00f3n, este c\u00f3digo malicioso se ejecutar\u00e1 cuando la tarjeta se inserta en un 8840 Clinician Programmer."}], "lastModified": "2025-05-22T18:15:22.580", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:n\\'vision_8840_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CDE1DCE-A7D1-415B-8B50-CEC490D250DA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:n\\'vision_8840:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C8999A64-FA2F-48B6-8EE2-35DC311CBEB4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:n\\'vision_8870_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "568A12CA-DAB3-4797-8223-DC74FA4E8492"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:n\\'vision_8870:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "40349019-CB0F-490B-A767-64E0C38F0E33"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}