SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2018-8849

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at rest.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 4.6		CVSS Score : 2.1
Exploit Score: 0.9		Exploit Score: 3.9
Impact Score: 3.6		Impact Score: 2.9

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: PHYSICAL		Access Vector: LOCAL
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: NONE		Authentication: NONE
User Interaction: NONE		Confidentiality: PARTIAL
Scope: UNCHANGED		Integrity: NONE
Confidentiality: HIGH		Availability: NONE
Integrity: NONE
Availability: NONE

Reference:

BID-104213

http://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic-NVision-8840_Security-Bulletin_FINAL.pdf

https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01


30430



423868



247621



909



194512



282