CVE-2018-10631

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/104213", "name": "http://www.securityfocus.com/bid/104213", "tags": [], "refsource": ""}, {"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/nvision.html", "name": "https://global.medtronic.com/xg-en/product-security/security-bulletins/nvision.html", "tags": [], "refsource": ""}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01", "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": ""}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01", "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-137-01", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": ""}, {"url": "https://www.medtronic.com/security", "name": "https://www.medtronic.com/security", "tags": ["Vendor Advisory"], "refsource": ""}, {"url": "https://www.medtronic.com/security", "name": "https://www.medtronic.com/security", "tags": ["Vendor Advisory"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The 8840 Clinician Programmer executes the application program from the 8870 Application Card. An attacker with physical access to an 8870 Application Card and sufficient technical capability can modify the contents of this card, including the binary executables. If modified to bypass protection mechanisms, this malicious code will be run when the card is inserted into an 8840 Clinician Programmer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-693"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-10631", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}}, "publishedDate": "2018-07-13T19:29Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:medtronic:n\\'vision_8840_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:medtronic:n\\'vision_8840:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:medtronic:n\\'vision_8870_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:medtronic:n\\'vision_8870:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-06-27T17:15Z"}