Lucene search

[email protected]CVE-2022-32537

HistoryDec 12, 2022 - 1:15 p.m.

CVE-2022-32537

2022-12-1213:15:12

CWE-693

[email protected]

web.nvd.nist.gov

cve-2022-32537

medtronic

security vulnerability

unauthorized access

communication protocol

4.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.6%

JSON

A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance

Affected configurations

NVD

Node

medtronicguardian_link_2_transmitter_mmt-7730_firmwareMatch-

AND

medtronicguardian_link_2_transmitter_mmt-7730Match-

Node

medtronicguardian_link_2_transmitter_mmt-7731_firmwareMatch-

AND

medtronicguardian_link_2_transmitter_mmt-7731Match-

Node

medtronicguardian_link_2_transmitter_mmt-7738_firmwareMatch-

AND

medtronicguardian_link_2_transmitter_mmt-7738Match-

Node

medtronicguardian_link_2_transmitter_mmt-7775_firmwareMatch-

AND

medtronicguardian_link_2_transmitter_mmt-7775Match-

Node

medtronicguardian_link_3_transmitter_mmt-7810_firmwareMatch-

AND

medtronicguardian_link_3_transmitter_mmt-7810Match-

Node

medtronicguardian_link_3_transmitter_mmt-7811_firmwareMatch-

AND

medtronicguardian_link_3_transmitter_mmt-7811Match-

Node

medtronicminimed_620g_mmt-1750_firmwareMatch-

AND

medtronicminimed_620g_mmt-1750Match-

Node

medtronicminimed_630g_mmt-1715_firmwareMatch-

AND

medtronicminimed_630g_mmt-1715Match-

Node

medtronicminimed_630g_mmt-1754_firmwareMatch-

AND

medtronicminimed_630g_mmt-1754Match-

Node

medtronicminimed_630g_mmt-1755_firmwareMatch-

AND

medtronicminimed_630g_mmt-1755Match-

Node

medtronicminimed_640g_mmt-1711_firmwareMatch-

AND

medtronicminimed_640g_mmt-1711Match-

Node

medtronicminimed_640g_mmt-1712_firmwareMatch-

AND

medtronicminimed_640g_mmt-1712Match-

Node

medtronicminimed_640g_mmt-1751_firmwareMatch-

AND

medtronicminimed_640g_mmt-1751Match-

Node

medtronicminimed_640g_mmt-1752_firmwareMatch-

AND

medtronicminimed_640g_mmt-1752Match-

Node

medtronicminimed_670g_mmt-1740_firmwareMatch-

AND

medtronicminimed_670g_mmt-1740Match-

Node

medtronicminimed_670g_mmt-1741_firmwareMatch-

AND

medtronicminimed_670g_mmt-1741Match-

Node

medtronicminimed_670g_mmt-1742_firmwareMatch-

AND

medtronicminimed_670g_mmt-1742Match-

Node

medtronicminimed_670g_mmt-1760_firmwareMatch-

AND

medtronicminimed_670g_mmt-1760Match-

Node

medtronicminimed_670g_mmt-1761_firmwareMatch-

AND

medtronicminimed_670g_mmt-1761Match-

Node

medtronicminimed_670g_mmt-1762_firmwareMatch-

AND

medtronicminimed_670g_mmt-1762Match-

Node

medtronicminimed_670g_mmt-1780_firmwareMatch-

AND

medtronicminimed_670g_mmt-1780Match-

Node

medtronicminimed_670g_mmt-1781_firmwareMatch-

AND

medtronicminimed_670g_mmt-1781Match-

Node

medtronicminimed_670g_mmt-1782_firmwareMatch-

AND

medtronicminimed_670g_mmt-1782Match-

Node

medtronicmmt-1151_firmwareMatch-

AND

medtronicmmt-1151Match-

Node

medtronicmmt-1152_firmwareMatch-

AND

medtronicmmt-1152Match-

Node

medtronicmmt-1351_firmwareMatch-

AND

medtronicmmt-1351Match-

Node

medtronicmmt-1352_firmwareMatch-

AND

medtronicmmt-1352Match-

Node

medtronicmmt-7306_firmwareMatch-

AND

medtronicmmt-7306Match-

CPENameOperatorVersion
medtronic:guardian_link_2_transmitter_mmt-7730_firmwaremedtronic guardian link 2 transmitter mmt-7730 firmwareeq-

CPE	Name	Operator	Version
medtronic:guardian_link_2_transmitter_mmt-7730_firmware	medtronic guardian link 2 transmitter mmt-7730 firmware	eq	-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Minimed 600 Series Insulin Pump",
    "vendor": "Medtronic",
    "versions": [
      {
        "status": "affected",
        "version": "620G, 630G, 640G, 670G"
      }
    ]
  }
]

References

global.medtronic.com/xg-en/product-security/security-bulletins/minimed-600-series-communication-issue.html

www.cisa.gov/uscert/ics/advisories/icsma-22-263-01

4.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

5.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.6%

JSON

Related for CVE-2022-32537

ics1 nvd1 prion1 cvelist1