Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2020-27252
Modified
More InfoOfficial Page
Source-ics-cert@hq.dhs.gov
View Known Exploited Vulnerability (KEV) details
Published At-14 Dec, 2020 | 20:15
Updated At-22 May, 2025 | 20:15

Medtronic MyCareLink Smart 25000 is vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader. If exploited, an attacker could remotely execute code on the MCL Smart Patient Reader device, leading to control of the device.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Primary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.09.3HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
CPE Matches
medtronic
medtronic
>>mycarelink_smart_model_25000_firmware>>*
cpe:2.3:o:medtronic:mycarelink_smart_model_25000_firmware:*:*:*:*:*:*:*:*
medtronic
medtronic
>>mycarelink_smart_model_25000>>-
cpe:2.3:h:medtronic:mycarelink_smart_model_25000:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-367Secondaryics-cert@hq.dhs.gov
CWE-367Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://global.medtronic.com/xg-en/product-security/security-bulletins/mycarelink-smart-security-vulnerability-patch.htmlics-cert@hq.dhs.gov
N/A
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-20-345-01ics-cert@hq.dhs.gov
N/A
https://us-cert.cisa.gov/ics/advisories/icsma-20-345-01af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
US Government Resource
Change History
0Changes found
Details not found