Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2019-10964

Disclosure Date: June 28, 2019
CVE-2019-10964
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, Versions, MiniMed 508 pump – All versions, MiniMed Paradigm 511 pump – All versions, MiniMed Paradigm 512/712 pumps – All versions, MiniMed Paradigm 712E pump–All versions, MiniMed Paradigm 515/715 pumps–All versions, MiniMed Paradigm 522/722 pumps – All versions,MiniMed Paradigm 522K/722K pumps – All versions, MiniMed Paradigm 523/723 pumps – Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps – Software, versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps – Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only – Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Medtronic MiniMed 508 and Paradigm Series Insulin Pumps MiniMed 508 pump All versions
Medtronic MiniMed 508 and Paradigm Series Insulin Pumps MiniMed Paradigm 511 pump All versions
Medtronic MiniMed 508 and Paradigm Series Insulin Pumps MiniMed Paradigm 512/712 pump All versions
Medtronic MiniMed 508 and Paradigm Series Insulin Pumps MiniMed Paradigm 712E pump All versions
Medtronic MiniMed 508 and Paradigm Series Insulin Pumps MiniMed Paradigm 515/715 pumps–All versions
Medtronic MiniMed 508 and Paradigm Series Insulin Pumps MiniMed Paradigm 522/722 pump–All versions
Medtronic MiniMed 508 and Paradigm Series Insulin Pumps MiniMed Paradigm 522K/722K pumps–All versions
Medtronic MiniMed 508 and Paradigm Series Insulin Pumps MiniMed Paradigm 523/723 pumps–Software versions 2.4A or lower
Medtronic MiniMed 508 and Paradigm Series Insulin Pumps MiniMed Paradigm 523K/723K pumps versions 2.4A or lower
Medtronic MiniMed 508 and Paradigm Series Insulin Pumps MiniMed Paradigm Veo 554/754 pumps–versions 2.6A or lower
Medtronic MiniMed 508 and Paradigm Series Insulin Pumps MiniMed Paradigm Veo 554CM and 754CM versions 2.7A or lower
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis