Risk | Low |
Patch available | NO |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2019-10964 |
CWE-ID | CWE-284 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software | MiniMed Paradigm Veo 754CM, MiniMed Paradigm Veo 554CM, MiniMed Paradigm Veo 554/754, MiniMed Paradigm 523K/723K, MiniMed Paradigm 523/723, MiniMed Paradigm 522K/722K, MiniMed Paradigm 522/722, MiniMed Paradigm 712E, MiniMed Paradigm 512/712, MiniMed Paradigm 511, MiniMed 508 (all: Hardware solutions / Medical equipment) |
Vendor | Medtronic |
Security Bulletin
This security bulletin contains one low-risk vulnerability.
EUVDB-ID: #VU19004
Risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2019-10964
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: No
Description
The vulnerability allows an attacker to gain unauthorized access to sensitive information.
The vulnerability exists because the wireless RF (radio frequency) communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected products can intercept, modify, or interfere with the wireless RF communications to or from the product. This may allow the attacker to read sensitive data, change pump settings, or control insulin delivery.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
MiniMed Paradigm Veo 754CM: All versions
MiniMed Paradigm Veo 554CM: All versions
MiniMed Paradigm Veo 554/754: All versions
MiniMed Paradigm 523K/723K: All versions
MiniMed Paradigm 523/723: All versions
MiniMed Paradigm 522K/722K: All versions
MiniMed Paradigm 522/722: All versions
MiniMed Paradigm 712E: All versions
MiniMed Paradigm 512/712: All versions
MiniMed Paradigm 511: All versions
MiniMed 508: All versions
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.