Medtronic Updates
Warning Date: 3 February, 2020
Severity Level: Critical
Warning Number: 2020-872
Target Sector: HealthCare
Description:
Medtronic has released a security update to address vulnerabilities in the following products:
- Evera ICD
- Mirro ICD
- Primo ICD
- Viva CRT-D
- Brava CRT-D
- Mirro MRI ICD
- MyCareLink Monitor, Versions 24950 and 24952
- CareLink Monitor, Version 2490C
- CareLink 2090 Programmer
- Amplia CRT-D
- Claria CRT-D
- Compia CRT-D
- Concerto CRT-D
- Concerto II CRT-D
- Consulta CRT-D
- Maximo II CRT-D and ICD
- Nayamed ND ICD
- Protecta ICD and CRT-D
- Secura ICD
- Virtuoso ICD
- Virtuoso II ICD
- 2090 CareLink Programmer
- 29901 Encore Programmer
- Visia AF ICD
Threats:
An attacker could exploit these vulnerabilities to carry out the following:
- Unauthorized modification
- Unauthorized disclosure of information
- Man-in-the-middle attack
Best practice and Recommendations:
The CERT team encourages users to review the Medtronic security advisory and apply the necessary updates for the following products:
- 2090 CareLink Programmer
- 29901 Encore Programmer
- Brava CRT-D
- Evera MRI ICD
- Evera ICD
- Mirro MRI ICD
- Primo MRI ICD
- Viva CRT-D
In addition, Medtronic encourages users to follow these practices:
- Do not connect unapproved devices to home monitors and through USB ports or other physical connections.
- Restrict system access to authorized personnel only and follow a least privilege approach.
- Disable unnecessary accounts and services.
References:
- https://global.medtronic.com/xg-en/product-security/security-bulletins/conexus.html
- https://global.medtronic.com/xg-en/product-security/security-bulletins/carelink-2090-29901.html