How severe is CVE-2020-27252?

CVE-2020-27252 has a CVSS v3 score of 8.8 (HIGH).

CVE-2020-27252

Name: mycarelink_smart_model_25000
Author: medtronic

8.8HIGH

Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient R

Publicado: 12/14/2020Atualizado: 5/22/2025

Descrição

Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.

Análise IADesenvolvido por IA

Produtos Afetados

medtronicmycarelink_smart_model_25000_firmware

medtronicmycarelink_smart_model_25000

Referências

https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-smart-security-vulnerability-patch.html
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-20-345-01
https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01
Third Party AdvisoryUS Government Resource