Lucene search

MedtronicCVELIST:CVE-2022-32537

HistoryNov 17, 2022 - 8:47 p.m.

CVE-2022-32537 Medtronic MiniMed 600 Series Pump System Communication Issue

2022-11-1720:47:05

CWE-693

Medtronic

www.cve.org

medtronic

minimed 600

communication issue

4.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON

A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Minimed 600 Series Insulin Pump",
    "vendor": "Medtronic",
    "versions": [
      {
        "status": "affected",
        "version": "620G, 630G, 640G, 670G"
      }
    ]
  }
]

References

global.medtronic.com/xg-en/product-security/security-bulletins/minimed-600-series-communication-issue.html

www.cisa.gov/uscert/ics/advisories/icsma-22-263-01

4.8 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

5.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

JSON

Related for CVELIST:CVE-2022-32537