1. EXECUTIVE SUMMARY

  • CVSS v9.3 
  • ATTENTION: Exploitable with adjacent access/low skill level to exploit
  • Vendor: Medtronic
  • Equipment: MyCareLink Monitor, CareLink Monitor, CareLink 2090 Programmer, specific Medtronic implanted cardiac devices listed below
  • Vulnerabilities: Improper Access Control, Cleartext Transmission of Sensitive Information

https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01