The following list, which is not exhaustive, contains examples of known cyber security vulnerabilities for medical devices.
- Authentication bypass
- Buffer overflow
- Code injection
- Communication protocol vulnerability
- Credentials insufficiently protected
- Cross-site scripting
- Cryptographic issues
- Data authenticity insufficiently verified
- Debug service enabled by default
- Default password
- Exposed dangerous method or function
- Flash memory content insufficiently protected
- Hard-coded credentials
- Improper access control
- Improper authentication
- Improper authorisation
- Improper certificate validation
- Improper control of generation of code
- Improper exception handling
- Improper input validation
- Improper restriction of communication channel to intended endpoints
- Improper restriction of operations within the bounds of a memory buffer
- Power consumption: improper restriction
- Reference information exposure
- Leftover debug code
- Man-in-the-middle
- Meltdown, Spectre and Spoiler
- Missing confidentiality
- Numeric errors
- Out-of-bounds read
- Path traversal
- PC operating system vulnerabilities
- Protection mechanism failure
- Relative path traversal
- Resource consumption uncontrolled
- Resource management errors
- Search path element uncontrolled
- Session expiration insufficient
- Unquoted search path or element
- Untrusted input accepted
- Vulnerable third-party software
- Weak password hashing algorithm
- XML external entity: improper restriction