How severe is CVE-2020-27252?

CVE-2020-27252 has a CVSS v3 score of 8.8 (HIGH).

CVE-2020-27252

Name: mycarelink_smart_model_25000
Author: medtronic

8.8HIGH

Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient R

Published: 12/14/2020Updated: 5/22/2025

Description

Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.

AI AnalysisPowered by AI

Affected Products

medtronicmycarelink_smart_model_25000_firmware

medtronicmycarelink_smart_model_25000

References

https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-smart-security-vulnerability-patch.html
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-20-345-01
https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01
Third Party AdvisoryUS Government Resource