CVE-2019-6538— 多款Medtronic产品访问控制错误漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2019-6538の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Medtronic Conexus Radio Frequency Telemetry Protocol Improper Access Control
ソース: NVD (National Vulnerability Database)
脆弱性説明
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement authentication or authorization. An attacker with adjacent short-range access to an affected product, in situations where the product’s radio is turned on, can inject, replay, modify, and/or intercept data within the telemetry communication. This communication protocol provides the ability to read and write memory values to affected implanted cardiac devices; therefore, an attacker could exploit this communication protocol to change memory in the implanted cardiac device.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
访问控制不恰当
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
多款Medtronic产品访问控制错误漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
多款Medtronic产品中存在访问控制错误漏洞,该漏洞源于Conexus遥测协议没有执行授权或身份验证。攻击者可利用该漏洞注入,修改或拦截遥测通信中的输入。以下产品和版本受到影响:MyCareLink Monitor 24950版本,24952版本;CareLink Monitor 2490C版本;CareLink 2090 Programmer;Amplia CRT-D;Claria CRT-D;Compia CRT-D;Concerto CRT-D;Concerto II CRT-D;Consult
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Medtronic | Conexus Radio Frequency Telemetry Protocol | All versions | - | |
| Medtronic | MyCareLink Monitor | 24950 | - | |
| Medtronic | CareLink Monitor | 2490C | - | |
| Medtronic | CareLink 2090 Programmer | All versions | - | |
| Medtronic | Amplia CRT-D | All versions | - | |
| Medtronic | Claria CRT-D | All versions | - | |
| Medtronic | Compia CRT-D | All versions | - | |
| Medtronic | Concerto CRT-D | All versions | - | |
| Medtronic | Concerto II CRT-D | All versions | - | |
| Medtronic | Consulta CRT-D | All versions | - | |
| Medtronic | Evera ICD | All versions | - | |
| Medtronic | Maximo II CRT-D | All versions | - | |
| Medtronic | Maximo II ICD | All versions | - | |
| Medtronic | Mirro ICD | All versions | - | |
| Medtronic | Nayamed ND ICD | All versions | - | |
| Medtronic | Primo ICD | All versions | - | |
| Medtronic | Protecta ICD, Protecta CRT-D | All versions | - | |
| Medtronic | Secura ICD | All versions | - | |
| Medtronic | Virtuoso ICD | All versions | - | |
| Medtronic | Virtuoso II ICD | All versions | - | |
| Medtronic | Visia AF ICD | All versions | - | |
| Medtronic | Viva CRT-D | All versions | - | |
| Medtronic | Brava CRT-D | All versions | - | |
| Medtronic | Mirro MRI ICD | All versions | - |
II. CVE-2019-6538の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2019-6538のインテリジェンス情報
请登录查看更多情报信息。
- https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01x_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2019-6538
IV. 関連脆弱性
同じ弱点: CWE-284
- CVE-2026-8233
Dotouch XproUPF access control - CVE-2026-42569
phpvms: /importer authorization bypass causing full database - CVE-2026-42205
Avo: Broken Access Control: Unauthorized Execution of Arbitr - CVE-2026-41487
Langfuse: Improper role-based-access control in Langfuse LLM - CVE-2026-42278
UltraDAG: Smart Account Spending Policy Bypass via Pockets
V. CVE-2019-6538へのコメント
まだコメントはありません