Medtronic Micro Clinician App and InterStim X App Vulnerabilities
Summary
Medtronic Micro Clinician App (A51200) and InterStim X Clinician App (A51300) contain a vulnerability that could cause the applications' custom passwords to be reset to default.
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Medtronic has identified an unverified password change vulnerability in their Medtronic Clinician App (A51200) and InterStim X Clinician App (A51300), which are used by patients and clinicians to control implanted pelvic neurostimulator devices.
Successful exploitation of this vulnerability could cause the clinician applications' custom passwords to be reset to default, resulting in unauthorised control of the applications. To exploit this vulnerability, an attacker would require direct physical access to the assigned Smart Programmer device, and changes cannot be made beyond established therapy parameters.
Threat updates
| Date | Update |
|---|---|
| 10 Mar 2023 | Updated remediation advice: Updated advice to reflect current remediation |
Remediation advice
Affected organisations are encouraged to review the CISA Medical Advisory ICSMA-23-061-01 and the Medtronic Security Bulletin for more information.
The following mitigations have been provided by Medtronic:
- An app update is available as of February 23, 2023 that will fix the vulnerability.
- Users should refer to the Medtronic Security Bulletin for the correct Medtronic Support contact for help updating the app.
Definitive source of threat updates
Last edited: 10 March 2023 11:27 am