CVE-2019-6540

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2019-6540
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data.

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.3 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01 US Government Resource Third Party Advisory
http://www.securityfocus.com/bid/107544 Broken Link
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:medtronic:mycarelink_monitor_24950_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:mycarelink_monitor_24950:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:medtronic:mycarelink_monitor_24952_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:mycarelink_monitor_24952:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:medtronic:carelink_monitor_2490c_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:carelink_monitor_2490c:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:medtronic:carelink_2090_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:carelink_2090:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:medtronic:amplia_crt-d_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:amplia_crt-d:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:medtronic:claria_crt-d_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:claria_crt-d:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:medtronic:compia_crt-d_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:compia_crt-d:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:medtronic:concerto_crt-d_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:concerto_crt-d:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:medtronic:concerto_ii_crt-d_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:concerto_ii_crt-d:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:medtronic:consulta_crt-d_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:consulta_crt-d:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:medtronic:evera_icd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:evera_icd:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:medtronic:maximo_ii_crt-d_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:maximo_ii_crt-d:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:medtronic:maximo_ii_icd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:maximo_ii_icd:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:medtronic:mirro_icd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:mirro_icd:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:medtronic:nayamed_nd_icd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:nayamed_nd_icd:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:medtronic:primo_icd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:primo_icd:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:medtronic:protecta_icd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:protecta_icd:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:medtronic:protecta_crt-d_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:protecta_crt-d:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND
cpe:2.3:o:medtronic:secura_icd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:secura_icd:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND
cpe:2.3:o:medtronic:virtuoso_icd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:virtuoso_icd:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND
cpe:2.3:o:medtronic:virtuoso_ii_icd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:virtuoso_ii_icd:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND
cpe:2.3:o:medtronic:visia_af_icd_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:visia_af_icd:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND
cpe:2.3:o:medtronic:viva_crt-d_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronic:viva_crt-d:-:*:*:*:*:*:*:*
Information

Published : 2019-03-26 11:29

Updated : 2021-11-03 11:57

NVD link : CVE-2019-6540

Mitre link : CVE-2019-6540

JSON object : View

CWE
CWE-319

Cleartext Transmission of Sensitive Information

Advertisement

dedicated server usa
Products Affected

medtronic

  • nayamed_nd_icd_firmware
  • amplia_crt-d_firmware
  • evera_icd
  • mirro_icd
  • carelink_monitor_2490c
  • secura_icd
  • protecta_icd_firmware
  • mirro_icd_firmware
  • evera_icd_firmware
  • concerto_crt-d
  • compia_crt-d_firmware
  • virtuoso_icd
  • virtuoso_icd_firmware
  • carelink_2090_firmware
  • protecta_icd
  • mycarelink_monitor_24952_firmware
  • carelink_2090
  • primo_icd_firmware
  • visia_af_icd_firmware
  • claria_crt-d
  • claria_crt-d_firmware
  • amplia_crt-d
  • mycarelink_monitor_24952
  • concerto_ii_crt-d_firmware
  • protecta_crt-d
  • virtuoso_ii_icd
  • primo_icd
  • maximo_ii_crt-d_firmware
  • secura_icd_firmware
  • consulta_crt-d_firmware
  • nayamed_nd_icd
  • concerto_ii_crt-d
  • viva_crt-d
  • protecta_crt-d_firmware
  • maximo_ii_crt-d
  • mycarelink_monitor_24950_firmware
  • viva_crt-d_firmware
  • maximo_ii_icd_firmware
  • carelink_monitor_2490c_firmware
  • compia_crt-d
  • visia_af_icd
  • consulta_crt-d
  • maximo_ii_icd
  • virtuoso_ii_icd_firmware
  • concerto_crt-d_firmware
  • mycarelink_monitor_24950