CVE-2019-10964
HIGH
Medtronic MiniMed 508 and Paradigm Firmware - Improper Access Control via Wireless RF Communication
Title source: llm
Description
Medtronic MiniMed Insulin Pumps are designed to communicate using wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.
References (4)
Core References
Various Sources
https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed-508-paradigm.html
Third Party Advisory, US Government Resource
https://www.us-cert.gov/ics/advisories/icsma-19-178-01
Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/108926
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-178-01
Scores
CVSS v3: 7.1
EPSS: 0.0116
EPSS Percentile: 63.2%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
Details
CWE: CWE-284, CWE-287, CWE-863
Status: published
Products (19)
medtronic/minimed_508_firmware
medtronic/minimed_paradigm_511_firmware
medtronic/minimed_paradigm_512_firmware
medtronic/minimed_paradigm_515_firmware
medtronic/minimed_paradigm_522_firmware
medtronic/minimed_paradigm_522k_firmware
medtronic/minimed_paradigm_523_firmware < 2.4a
medtronic/minimed_paradigm_523k_firmware < 2.4a
medtronic/minimed_paradigm_712_firmware
medtronic/minimed_paradigm_712e_firmware
... and 9 more
Published: Jun 28, 2019
Tracked Since: Feb 18, 2026