Medtronic N'Vision Clinician Programmer (Update A)

MonitorCVSS 6.3ICS-CERT ICSMA-18-137-01May 17, 2018

Medtronic

Attack path

Attack VectorPhysical

Auth RequiredNone

ComplexityHigh

User InteractionRequired

Summary

The N'Vision Clinician Programmer and 8870 N'Vision removable Application Card (Compact Flash card) store patient personal health information (PHI) and personally identifying information (PII) in unencrypted form as part of normal operation. An attacker with physical access to the removable application card can connect it to a standard Compact Flash card reader and directly access this patient data without requiring any credentials or authentication. The vulnerabilities stem from insufficient data encryption (CWE-311) and use of hard-coded credentials or default security parameters (CWE-693). Medtronic has not released a firmware or software update to remediate these issues.

What this means

What could happen

An attacker with physical access to an N'Vision removable application card could extract unencrypted personal health information and patient identifying data stored on the card. This could lead to patient privacy breaches and potential misuse of sensitive medical records.

Who's at risk

Hospitals, ambulatory surgery centers, and clinical sites using Medtronic N'Vision Clinician Programmer systems for patient monitoring and therapy management should be concerned. Anyone responsible for clinical device inventory and data security—particularly cardiology, electrophysiology, and remote monitoring programs—needs to understand this risk.

How it could be exploited

An attacker must physically obtain the 8870 N'Vision removable Application Card (Compact Flash card) and connect it to a computer or card reader. The card stores personal health information and patient data in unencrypted form that can be read directly from the card without authentication.

Prerequisites

Physical access to the 8870 N'Vision removable Application Card
A Compact Flash card reader or compatible device
No credentials or special tools required to extract data

No authentication required to access stored dataPhysical access required but plausible in clinical environmentsNo patch available—end-of-life productDirect access to unencrypted personal health information and patient identifying data

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

8870 N'Vision removable Application Card: all versionsAll versionsNo fix (EOL)

8840 N'Vision Clinician Programmer: all versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/2

HARDENINGImplement physical security controls to prevent unauthorized access to N'Vision Application Cards, including secure storage in locked areas when not in clinical use

HARDENINGEstablish a chain-of-custody procedure for N'Vision Application Cards to track and monitor their location and handling

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGTrain clinical staff on the risks of data exposure and proper handling procedures for application cards containing patient data

WORKAROUNDEnsure N'Vision Application Cards are properly destroyed or securely wiped when removed from service to prevent data recovery

CVEs (2)

CVE-2018-8849 CVE-2018-10631

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/02b3d37d-0998-45a9-85b7-8fc5d48cd1ec

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.