{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-08-04T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device's serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011. NOTE: the vendor has disputed the severity of this issue, saying \"we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren't intentionally programmed and could intervene accordingly.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx"}, {"tags": ["x_refsource_MISC"], "url": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR"}, {"tags": ["x_refsource_MISC"], "url": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces"}, {"name": "paradigm-insulin-pump-dos(69643)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69643"}, {"tags": ["x_refsource_MISC"], "url": "http://www.informationweek.com/news/security/vulnerabilities/231600265"}, {"tags": ["x_refsource_MISC"], "url": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-3386", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device's serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011. NOTE: the vendor has disputed the severity of this issue, saying \"we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren't intentionally programmed and could intervene accordingly.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx", "refsource": "MISC", "url": "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx"}, {"name": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/", "refsource": "MISC", "url": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/"}, {"name": "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR", "refsource": "MISC", "url": "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR"}, {"name": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html", "refsource": "MISC", "url": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html"}, {"name": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces", "refsource": "MISC", "url": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces"}, {"name": "paradigm-insulin-pump-dos(69643)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69643"}, {"name": "http://www.informationweek.com/news/security/vulnerabilities/231600265", "refsource": "MISC", "url": "http://www.informationweek.com/news/security/vulnerabilities/231600265"}, {"name": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html", "refsource": "MISC", "url": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-3386", "datePublished": "2011-09-02T23:00:00", "dateReserved": "2011-09-02T00:00:00", "dateUpdated": "2017-08-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:512:*:*:*:*:*:*:*", "matchCriteriaId": "4A2EB468-F01F-4ED8-A68D-912D5861E6FB", "vulnerable": true}, {"criteria": "cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:522:*:*:*:*:*:*:*", "matchCriteriaId": "DD8F4622-A67F-46AB-8F44-D1D021FEE92C", "vulnerable": true}, {"criteria": "cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:712:*:*:*:*:*:*:*", "matchCriteriaId": "75DB801E-6E51-40A8-9424-923EEAB6EBFD", "vulnerable": true}, {"criteria": "cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:722:*:*:*:*:*:*:*", "matchCriteriaId": "62B4EFD1-CB94-4453-AF69-F0DAE4BE3435", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device's serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011. NOTE: the vendor has disputed the severity of this issue, saying \"we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren't intentionally programmed and could intervene accordingly.\""}, {"lang": "es", "value": "Vulnerabilidad no especificada en la bomba de insulina inalambirca Medtronic Paradigm 512, 522, 712 y 722, permite a atacantes remotos modificar la administraci\u00f3n de una dosis de insulina y provocar una denegaci\u00f3n de servicio (efectos adversos para la salud humana) a trav\u00e9s de vectores no especificados relacionados con las comunicaciones inal\u00e1mbricas y el conocimiento de la n\u00famero de serie del dispositivo, como se demuestra por Jerome Radcliffe en la conferencia Black Hat de EE.UU. en agosto de 2011. NOTA: el vendedor ha puesto en duda la gravedad de este asunto, diciendo que \"creemos que el riesgo de manipulaci\u00f3n deliberada, malintencionada o no autorizada de dispositivos m\u00e9dicos es muy bajo ... estamos convencidos de que ser\u00eda extremadamente dif\u00edcil para un tercero de forma inal\u00e1mbrica interferir en la bomba de insulina ... usted ser\u00eda capaz de detectar los tonos de la bomba de insulina que no estaban programados intencionalmente y podr\u00eda actuar en consecuencia. \""}], "id": "CVE-2011-3386", "lastModified": "2017-08-29T01:30:11.083", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-09-02T23:55:05.427", "references": [{"source": "cve@mitre.org", "url": "http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html"}, {"source": "cve@mitre.org", "url": "http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html"}, {"source": "cve@mitre.org", "url": "http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces"}, {"source": "cve@mitre.org", "url": "http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx"}, {"source": "cve@mitre.org", "url": "http://www.informationweek.com/news/security/vulnerabilities/231600265"}, {"source": "cve@mitre.org", "url": "http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR"}, {"source": "cve@mitre.org", "url": "http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69643"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}