CVE-2019-10964

Published: 28/06/2019 Updated: 24/08/2020
CVSS v2 Base Score: 5.8 | Impact Score: 6.4 | Exploitability Score: 6.5
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 516
Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Affected products: Medtronic MiniMed 508 and Medtronic MiniMed Paradigm insulin pumps, in the following versions: MiniMed 508 pump – all versions; MiniMed Paradigm 511 pump – all versions; MiniMed Paradigm 512/712 pumps – all versions; MiniMed Paradigm 712E pump – all versions; MiniMed Paradigm 515/715 pumps – all versions; MiniMed Paradigm 522/722 pumps – all versions; MiniMed Paradigm 522K/722K pumps – all versions; MiniMed Paradigm 523/723 pumps – software versions 2.4A or lower; MiniMed Paradigm 523K/723K pumps – software versions 2.4A or lower; MiniMed Paradigm Veo 554/754 pumps – software versions 2.6A or lower; MiniMed Paradigm Veo 554CM and 754CM models only – software versions 2.7A or lower.

The affected insulin pumps are designed to communicate using wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow malicious users to change pump settings and control insulin delivery.

Vulnerable Product

medtronic minimed_508_firmware

medtronic minimed_paradigm_511_firmware

medtronic minimed_paradigm_512_firmware

medtronic minimed_paradigm_712_firmware

medtronic minimed_paradigm_712e_firmware

medtronic minimed_paradigm_515_firmware

medtronic minimed_paradigm_715_firmware

medtronic minimed_paradigm_522_firmware

medtronic minimed_paradigm_722_firmware

medtronic minimed_paradigm_522k_firmware

medtronic minimed_paradigm_722k_firmware

medtronic minimed_paradigm_523_firmware

medtronic minimed_paradigm_723_firmware

medtronic minimed_paradigm_523k_firmware

medtronic minimed_paradigm_723k_firmware

medtronic minimed_paradigm_veo_554_firmware

medtronic minimed_paradigm_veo_754_firmware

medtronic minimed_paradigm_veo_554cm_firmware

medtronic minimed_paradigm_veo_754cm_firmware

Recent Articles

Scumbags can program vulnerable MedTronic insulin pumps over the air to murder diabetics – insecure kit recalled
The Register • Shaun Nichols in San Francisco • 28 Jun 2019

Not a particularly sweet ending to the week

Health implant maker MedTronic is recalling some of its insulin pumps following the discovery of security vulnerabilities in the equipment that can be exploited over the air to hijack them. Specifically, the manufacturer is recalling its MiniMed 508 and Paradigm insulin pumps, along with the CareLink USB control hub and some blood glucose monitoring devices used with the at-risk gear. America's medical drug watchdog the FDA also issued an alert this week over the holes, which can be leveraged by...