Protection Mechanism Failure in Medtronic products - CVE-2022-32537

 


Published: September 21, 2022


Vulnerability identifier: #VU67535
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-32537
CWE-ID: CWE-693
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: Medtronic
Affected software:
MiniMed 620G
MiniMed 630G
MiniMed 640G
MiniMed 670G

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient implementation of security measures. A remote user on the local network can learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components.


How to mitigate CVE-2022-32537

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
