Medtronic reports Critical Vulnerability in Paceart Optima System
Take action: Medical systems are sensitive to upgrade. If you operate in the medical sector, weigh the risks of upgrading, test thoroughly, and if possible update to version 1.12. Otherwise, disable the Paceart Messaging Service and implement defensive measures such as firewall isolation.
Medtronic has disclosed a critical cybersecurity vulnerability in its Paceart Optima System.
The vulnerability, tracked as CVE-2023-31222, carries a CVSS score of 9.8 and could allow threat actors to execute code remotely or cause a denial-of-service (DoS) condition if exploited.
The Paceart Optima System, designed to manage patients' cardiac device data, is susceptible to remote code execution and/or DoS attacks if the optional Paceart Messaging Service is enabled.
The vulnerability affects Paceart Optima versions 1.11 and earlier.
Medtronic recommends updating the system to v1.12 or disabling the Paceart Messaging Service as immediate mitigations to prevent potential exploitation.
CISA advises organizations to conduct proper risk assessments and deploy defensive measures, including firewall isolation for remote devices.