← Volver a CVEs
CVE-2019-6540
MEDIUM6.5
Descripcion
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data.
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vector de ataqueADJACENT_NETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado3/26/2019
Ultima modificacion5/22/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
medtronic:amplia_crt-dmedtronic:amplia_crt-d_firmwaremedtronic:carelink_2090medtronic:carelink_2090_firmwaremedtronic:carelink_monitor_2490cmedtronic:carelink_monitor_2490c_firmwaremedtronic:claria_crt-dmedtronic:claria_crt-d_firmwaremedtronic:compia_crt-dmedtronic:compia_crt-d_firmwaremedtronic:concerto_crt-dmedtronic:concerto_crt-d_firmwaremedtronic:concerto_ii_crt-dmedtronic:concerto_ii_crt-d_firmwaremedtronic:consulta_crt-dmedtronic:consulta_crt-d_firmwaremedtronic:evera_icdmedtronic:evera_icd_firmwaremedtronic:maximo_ii_crt-dmedtronic:maximo_ii_crt-d_firmwaremedtronic:maximo_ii_icdmedtronic:maximo_ii_icd_firmwaremedtronic:mirro_icdmedtronic:mirro_icd_firmwaremedtronic:mycarelink_monitor_24950medtronic:mycarelink_monitor_24950_firmwaremedtronic:mycarelink_monitor_24952medtronic:mycarelink_monitor_24952_firmwaremedtronic:nayamed_nd_icdmedtronic:nayamed_nd_icd_firmwaremedtronic:primo_icdmedtronic:primo_icd_firmwaremedtronic:protecta_crt-dmedtronic:protecta_crt-d_firmwaremedtronic:protecta_icdmedtronic:protecta_icd_firmwaremedtronic:secura_icdmedtronic:secura_icd_firmwaremedtronic:virtuoso_icdmedtronic:virtuoso_icd_firmwaremedtronic:virtuoso_ii_icdmedtronic:virtuoso_ii_icd_firmwaremedtronic:visia_af_icdmedtronic:visia_af_icd_firmwaremedtronic:viva_crt-dmedtronic:viva_crt-d_firmware
Debilidades (CWE)
CWE-319CWE-319
Referencias
http://www.securityfocus.com/bid/107544(ics-cert@hq.dhs.gov)
https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01(ics-cert@hq.dhs.gov)
http://www.securityfocus.com/bid/107544(af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.