{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-6540", "ASSIGNER": "ics-cert@hq.dhs.gov", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Medtronic", "product": { "product_data": [ { "product_name": "Conexus Radio Frequency Telemetry Protocol", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "MyCareLink Monitor", "version": { "version_data": [ { "version_value": "24950" }, { "version_value": "24952" } ] } }, { "product_name": "CareLink Monitor", "version": { "version_data": [ { "version_value": "2490C" } ] } }, { "product_name": "CareLink 2090 Programmer", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Amplia CRT-D", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Claria CRT-D", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Compia CRT-D", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Concerto CRT-D", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Concerto II CRT-D", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Consulta CRT-D", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Evera ICD", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Maximo II CRT-D", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Maximo II ICD", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Mirro ICD", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Nayamed ND ICD", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Primo ICD", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Protecta ICD, Protecta CRT-D", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Secura ICD", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Virtuoso ICD", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Virtuoso II ICD", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Visia AF ICD", "version": { "version_data": [ { "version_value": "n/a" } ] } }, { "product_name": "Viva CRT-D", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cleartext transmission of sensitive information CWE-319" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-080-01" }, { "refsource": "BID", "name": "107544", "url": "http://www.securityfocus.com/bid/107544" } ] }, "description": { "description_data": [ { "lang": "eng", "value": "The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and 24952, CareLink Monitor version 2490C, CareLink 2090 Programmer, Amplia CRT-D, Claria CRT-D, Compia CRT-D, Concerto CRT-D, Concerto II CRT-D, Consulta CRT-D, Evera ICD, Maximo II CRT-D and ICD, Mirro ICD, Nayamed ND ICD, Primo ICD, Protecta ICD and CRT-D, Secura ICD, Virtuoso ICD, Virtuoso II ICD, Visia AF ICD, and Viva CRT-D does not implement encryption. An attacker with adjacent short-range access to a target product can listen to communications, including the transmission of sensitive data." } ] } }