CVE-2018-10622

Summary

Medtronic MyCareLink Patient Monitor uses per-product credentials that are stored in a recoverable format. An attacker can use these credentials for network authentication.

Affected Software

VendorProductVersion RangeStatus
Medtronic24950 MyCareLink Monitor0 < February 25, 2026affected
Medtronic24952 MyCareLink Monitor0 < February 25, 2026affected

Weaknesses

  • CWE-313: CWE-313

Workarounds

Medtronic recommends users take additional defensive measures to minimize the risk of exploitation. Specifically, users should:

  • Maintain good physical control over the home monitor.
  • Only use home monitors obtained directly from their healthcare provider or a Medtronic representative to ensure integrity of the system. Medtronic has released additional patient focused information, at the following location:

https://www.medtronic.com/security Users should follow CISA's guidance in the following areas:

ADP Enrichment

CVE Program Container

Additional References

References