CVE-2019-10964

Published Jun 28, 2019

Last updated 4 years ago

CVSS high 8.8

Overview

Description: In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, Versions, MiniMed 508 pump – All versions, MiniMed Paradigm 511 pump – All versions, MiniMed Paradigm 512/712 pumps – All versions, MiniMed Paradigm 712E pump–All versions, MiniMed Paradigm 515/715 pumps–All versions, MiniMed Paradigm 522/722 pumps – All versions,MiniMed Paradigm 522K/722K pumps – All versions, MiniMed Paradigm 523/723 pumps – Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps – Software, versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps – Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only – Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 6.4
Exploitability score: 6.5
Vector string: AV:A/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_508_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DDE99AD-6C56-4366-97A8-E7350AA1EBB6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_508:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C6E4916C-6DD1-4404-BD7B-B998569EDF14"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_511_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E05835DE-DBD1-4FB9-B0C7-15785EE9026B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_511:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2A13FBA6-5CCF-4E73-B6C9-6E3F7F962D43"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_512_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65BE1432-6334-424A-B9A5-B5A14AC4F45B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_512:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C9AD611A-CC28-4F92-B2B9-8401658FD713"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_712_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7247AD5D-C2DA-4A72-B719-2064571A536F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_712:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1D67EC51-006F-4BC9-85BB-A1A7D597C1C9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_712e_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "690D2311-70A2-44CD-899E-20FD3AD1AC8F"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_712e:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C13A6A49-96C7-475A-B04E-FCE7D39CDE4B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_515_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8A1BA82-91A6-48AF-AC01-10FD19D92462"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_515:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "55151631-78E7-42C3-BB25-AC69D36FD369"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_715_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A63ED6AA-EB20-4C68-A52D-BA8D548DEA8D"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_715:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B626EAD3-2781-4DFD-9720-0399E197C383"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_522_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8D6EB99-08D8-493E-BBCB-D7C3913CF4D0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_522:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D2EBD943-6BE9-4438-BAFD-32CA3165F635"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_722_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAC192CC-0FD2-48E4-B19C-91C65DC4795B"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_722:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D9AD1FE7-B872-4E38-AAE9-E33BB5C4C665"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_522k_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D825C865-732D-4EBD-8452-6F1DA56D46CC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_522k:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4D653E95-9FAE-403D-990F-669E6455571B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_722k_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53AE31AD-579C-4EE9-A6C8-3B790521DAC7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_722k:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A42FD945-6BE8-4264-B90A-57CAA76AF8E2"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_523_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66A65D8E-2091-414D-B251-9144A0C57404",
            "versionEndIncluding": "2.4a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_523:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "24A1C8C6-D38F-4CDB-95A8-2A64F559E678"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_723_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7238B959-5ADF-404E-8281-299762763597",
            "versionEndIncluding": "2.4a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_723:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4604A5B1-9FB9-4CD8-8691-688C86C446F4"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_523k_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "053F180C-A81C-410C-97D9-90E1ABF8A3CD",
            "versionEndIncluding": "2.4a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_523k:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A6519D44-D492-4CE8-88D9-0E0C6F716AF1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_723k_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C4B5EFD-DC90-4F88-97D4-9B7919777F4A",
            "versionEndIncluding": "2.4a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_723k:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "858EFED7-6FEE-45C5-90F9-6A7D381992D1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_veo_554_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6831F875-8251-4FE2-AF83-627B7D55D1A4",
            "versionEndIncluding": "2.6a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_veo_554:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "655937A8-0CD6-4BE1-A8C4-0D6CEB9E67CC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_veo_754_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE0CD31A-D8EC-4B3A-ADD6-B40B6F005D4B",
            "versionEndIncluding": "2.6a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_veo_754:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "026D0A22-334A-4B90-BA5E-182836258043"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_veo_554cm_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62231E02-DD44-4308-B8E0-A0E018CCAB02",
            "versionEndIncluding": "2.7a"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_veo_554cm:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "C78BD917-F048-4334-81E2-E7C105666E44",
            "versionEndIncluding": "2.7a"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronic:minimed_paradigm_veo_754cm_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90A1EFD8-109A-4728-A019-D895F9A7F361"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronic:minimed_paradigm_veo_754cm:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B302FC04-04EC-406A-828D-3B81482A6C3F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References