Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveIcscertCVE-2019-10964
HistoryJun 28, 2019 - 9:15 p.m.

CVE-2019-10964

2019-06-2821:15:11
CWE-287
CWE-863
icscert
web.nvd.nist.gov
55
security
vulnerability
medtronic
minmed
insulin pumps
cve-2019-10964
wireless communication
authentication
authorization
adjacent access
data interception
insulin delivery control

CVSS2

5.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

28.5%

JSON

In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, Versions, MiniMed 508 pump – All versions, MiniMed Paradigm 511 pump – All versions, MiniMed Paradigm 512/712 pumps – All versions, MiniMed Paradigm 712E pump–All versions, MiniMed Paradigm 515/715 pumps–All versions, MiniMed Paradigm 522/722 pumps – All versions,MiniMed Paradigm 522K/722K pumps – All versions, MiniMed Paradigm 523/723 pumps – Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps – Software, versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps – Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only – Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.

Affected configurations

Nvd
Node
medtronicminimed_508_firmware
AND
medtronicminimed_508Match-
Node
medtronicminimed_paradigm_511_firmware
AND
medtronicminimed_paradigm_511Match-
Node
medtronicminimed_paradigm_512_firmware
AND
medtronicminimed_paradigm_512Match-
Node
medtronicminimed_paradigm_712_firmware
AND
medtronicminimed_paradigm_712Match-
Node
medtronicminimed_paradigm_712e_firmware
AND
medtronicminimed_paradigm_712eMatch-
Node
medtronicminimed_paradigm_515_firmware
AND
medtronicminimed_paradigm_515Match-
Node
medtronicminimed_paradigm_715_firmware
AND
medtronicminimed_paradigm_715Match-
Node
medtronicminimed_paradigm_522_firmware
AND
medtronicminimed_paradigm_522Match-
Node
medtronicminimed_paradigm_722_firmware
AND
medtronicminimed_paradigm_722Match-
Node
medtronicminimed_paradigm_522k_firmware
AND
medtronicminimed_paradigm_522kMatch-
Node
medtronicminimed_paradigm_722k_firmware
AND
medtronicminimed_paradigm_722kMatch-
Node
medtronicminimed_paradigm_523_firmwareRange2.4a
AND
medtronicminimed_paradigm_523Match-
Node
medtronicminimed_paradigm_723_firmwareRange2.4a
AND
medtronicminimed_paradigm_723Match-
Node
medtronicminimed_paradigm_523k_firmwareRange2.4a
AND
medtronicminimed_paradigm_523kMatch-
Node
medtronicminimed_paradigm_723k_firmwareRange2.4a
AND
medtronicminimed_paradigm_723kMatch-
Node
medtronicminimed_paradigm_veo_554_firmwareRange2.6a
AND
medtronicminimed_paradigm_veo_554Match-
Node
medtronicminimed_paradigm_veo_754_firmwareRange2.6a
AND
medtronicminimed_paradigm_veo_754Match-
Node
medtronicminimed_paradigm_veo_554cm_firmwareRange2.7a
AND
medtronicminimed_paradigm_veo_554cmRange2.7a
Node
medtronicminimed_paradigm_veo_754cm_firmwareMatch-
AND
medtronicminimed_paradigm_veo_754cmMatch-
VendorProductVersionCPE
medtronicminimed_508_firmware*cpe:2.3:o:medtronic:minimed_508_firmware:*:*:*:*:*:*:*:*
medtronicminimed_508-cpe:2.3:h:medtronic:minimed_508:-:*:*:*:*:*:*:*
medtronicminimed_paradigm_511_firmware*cpe:2.3:o:medtronic:minimed_paradigm_511_firmware:*:*:*:*:*:*:*:*
medtronicminimed_paradigm_511-cpe:2.3:h:medtronic:minimed_paradigm_511:-:*:*:*:*:*:*:*
medtronicminimed_paradigm_512_firmware*cpe:2.3:o:medtronic:minimed_paradigm_512_firmware:*:*:*:*:*:*:*:*
medtronicminimed_paradigm_512-cpe:2.3:h:medtronic:minimed_paradigm_512:-:*:*:*:*:*:*:*
medtronicminimed_paradigm_712_firmware*cpe:2.3:o:medtronic:minimed_paradigm_712_firmware:*:*:*:*:*:*:*:*
medtronicminimed_paradigm_712-cpe:2.3:h:medtronic:minimed_paradigm_712:-:*:*:*:*:*:*:*
medtronicminimed_paradigm_712e_firmware*cpe:2.3:o:medtronic:minimed_paradigm_712e_firmware:*:*:*:*:*:*:*:*
medtronicminimed_paradigm_712e-cpe:2.3:h:medtronic:minimed_paradigm_712e:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 381

CNA Affected

[
  {
    "product": "Medtronic MiniMed 508 and Paradigm Series Insulin Pumps",
    "vendor": "Medtronic",
    "versions": [
      {
        "status": "affected",
        "version": "MiniMed 508 pump All versions"
      },
      {
        "status": "affected",
        "version": "MiniMed Paradigm 511 pump All versions"
      },
      {
        "status": "affected",
        "version": "MiniMed Paradigm 512/712 pump All versions"
      },
      {
        "status": "affected",
        "version": "MiniMed Paradigm 712E pump All versions"
      },
      {
        "status": "affected",
        "version": "MiniMed Paradigm 515/715 pumps–All versions"
      },
      {
        "status": "affected",
        "version": "MiniMed Paradigm 522/722 pump–All versions"
      },
      {
        "status": "affected",
        "version": "MiniMed Paradigm 522K/722K pumps–All versions"
      },
      {
        "status": "affected",
        "version": "MiniMed Paradigm 523/723 pumps–Software versions 2.4A or lower"
      },
      {
        "status": "affected",
        "version": "MiniMed Paradigm 523K/723K pumps versions 2.4A or lower"
      },
      {
        "status": "affected",
        "version": "MiniMed Paradigm Veo 554/754 pumps–versions 2.6A or lower"
      },
      {
        "status": "affected",
        "version": "MiniMed Paradigm Veo 554CM and 754CM versions 2.7A or lower"
      }
    ]
  }
]

Related

threatpost 1
nvd 1
prion 1
cvelist 1
ics 1
threatpost
threatpost
FDA Warns of Potentially Fatal Flaws in Medtronic Insulin Pumps
2019-06-28 15:14:43
nvd
nvd
CVE-2019-10964
2019-06-28 21:15:11
prion
prion
Authentication flaw
2019-06-28 21:15:00
cvelist
cvelist
CVE-2019-10964
2019-06-28 20:58:07
ics
ics
Medtronic MiniMed 508 and Paradigm Series Insulin Pumps
2019-06-27 12:00:00

CVSS2

5.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.001

Percentile

28.5%

JSON
Related for CVE-2019-10964
threatpost1nvd1prion1cvelist1ics1