URGENT/11 Vulnerabilities SECURITY BULLETIN

September 30, 2019

Vulnerability Summary

Medtronic is aware of and is monitoring a series of cybersecurity vulnerabilities known as URGENT/11. These were publicized by Armis Security, a security services firm, over the summer. These vulnerabilities impact the networking component of VxWorks, and other widely-used embedded operating systems, to remotely access or disrupt systems. These vulnerabilities could allow an unauthorized individual to take over a vulnerable device through a network connection.

To date, no cyberattack, data breach, or patient harm involving a Medtronic product has been observed or associated with this vulnerability.

Medtronic Response

Our technical teams have assessed the situation to better understand any potential impact to our products.

To date, we have confirmed there is no impact to Medtronic products. Our product security teams are closely monitoring this evolving situation, and we will continue to take appropriate actions as circumstances dictate, including patching and additional mitigations that may become available.

Medtronic will continue to follow our established coordinated disclosure processes for any significant security vulnerabilities associated with our products or any updates associated with this vulnerability.

At Medtronic, we take cybersecurity matters seriously and have teams continuously engaged in these matters.

Additional Resources

Customers needing additional information should contact security@medtronic.com.