SB2019070303 - Improper access control in Medtronic MiniMed 508 and Paradigm Series Insulin Pumps

Security Bulletin ID SB2019070303

Severity

Low

Patch available

NO

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: CVE-2019-10964)

The vulnerability allows an attacker to gain unauthorized access to sensitive information.

The vulnerability exists due to the wireless RF (radio frequency) communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected products can intercept, modify, or interfere with the wireless RF (radio frequency) communications to or from the product. This may allow attackers to read sensitive data, change pump settings, or control insulin delivery.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/Medtronic_Security_Bulletin_Diabetes_Paradigm_062719_FINAL.pdf1

SB2019070303 - Improper access control in Medtronic MiniMed 508 and Paradigm Series Insulin Pumps

Breakdown by Severity

Description

Remediation

References

Please verify you're human