Insulin Pump Vulnerability in Medtronic Devices
CVE-2019-10964

8.8HIGH

Key Information:

Vendor

Medtronic

Status
Minimed 508 Pump
Minimed Paradigm 511 Pump
Minimed Paradigm 512/712 Pumps
Minimed Paradigm 712e Pump
Vendor
CVE Published:
28 June 2019

What is CVE-2019-10964?

Affected Medtronic insulin pumps utilize a wireless RF communication protocol that lacks essential authentication and authorization measures. This vulnerability permits attackers with close physical access to inject, replay, modify, or intercept data communicated between the pumps and compatible devices such as blood glucose meters and CareLink USB devices. Consequently, unauthorized individuals may manipulate pump settings, adversely impacting insulin delivery and patient safety.

Affected Version(s)

MiniMed 508 pump All versions

MiniMed Paradigm 511 pump All versions

MiniMed Paradigm 512/712 pumps All versions

References

https://global.medtronic.com/xg-en/product-security/secur...
https://www.cisa.gov/news-events/ics-medical-advisories/i...
http://www.securityfocus.com/bid/108926
vdb-entry

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.