CVE-2019-10964 - OpenCVE

In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, Versions, MiniMed 508 pump – All versions, MiniMed Paradigm 511 pump – All versions, MiniMed Paradigm 512/712 pumps – All versions, MiniMed Paradigm 712E pump–All versions, MiniMed Paradigm 515/715 pumps–All versions, MiniMed Paradigm 522/722 pumps – All versions,MiniMed Paradigm 522K/722K pumps – All versions, MiniMed Paradigm 523/723 pumps – Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps – Software, versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps – Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only – Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Medtronic	Minimed Paradigm 523k Minimed Paradigm 522k Firmware Minimed Paradigm Veo 554cm Firmware Minimed Paradigm 522 Firmware Minimed Paradigm Veo 554 Minimed Paradigm 723k Minimed 508 Firmware Minimed Paradigm 723k Firmware Minimed Paradigm 515 Minimed 508 Minimed Paradigm 722 Firmware Minimed Paradigm 712e Minimed Paradigm 511 Firmware Minimed Paradigm 512 Firmware Minimed Paradigm Veo 754 Firmware Minimed Paradigm 712 Firmware Minimed Paradigm 722 Minimed Paradigm 523 Minimed Paradigm 715 Firmware Minimed Paradigm 723 Minimed Paradigm 522 Minimed Paradigm Veo 754cm Firmware Minimed Paradigm 523k Firmware Minimed Paradigm 715 Minimed Paradigm Veo 754 Minimed Paradigm 722k Minimed Paradigm Veo 754cm Minimed Paradigm 511 Minimed Paradigm 523 Firmware Minimed Paradigm 522k Minimed Paradigm 512 Minimed Paradigm 722k Firmware Minimed Paradigm 515 Firmware Minimed Paradigm Veo 554 Firmware Minimed Paradigm 712e Firmware Minimed Paradigm 723 Firmware Minimed Paradigm 712 Minimed Paradigm Veo 554cm

Configuration 1 [-]

AND

cpe:2.3:o:medtronic:minimed_508_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_508:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_511_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_511:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_512_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_512:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_712_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_712:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_712e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_712e:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_515_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_515:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_715_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_715:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_522_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_522:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_722_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_722:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_522k_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_522k:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_722k_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_722k:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_523_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_523:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_723_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_723:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_523k_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_523k:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_723k_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_723k:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_veo_554_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_veo_554:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_veo_754_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_veo_754:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_veo_554cm_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_veo_554cm:*:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_veo_754cm_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_veo_754cm:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/108926	Third Party Advisory VDB Entry
https://www.us-cert.gov/ics/advisories/icsma-19-178-01	Third Party Advisory US Government Resource