Vulnerability identifier: #VU19004
Vulnerability risk: Low
CVSSv3.1: 6.5 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID: CWE-284
Exploitation vector: Local network
Exploit availability: No
Vulnerable software (category: Hardware solutions / Medical equipment):
MiniMed Paradigm Veo 754CM
MiniMed Paradigm Veo 554CM
MiniMed Paradigm Veo 554/754
MiniMed Paradigm 523K/723K
MiniMed Paradigm 523/723
MiniMed Paradigm 522K/722K
MiniMed Paradigm 522/722
MiniMed Paradigm 712E
MiniMed Paradigm 512/712
MiniMed Paradigm 511
MiniMed 508
Vendor: Medtronic
Description
The vulnerability allows an attacker to gain unauthorized access to sensitive information.
The vulnerability exists because the wireless RF (radio frequency) communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected products can intercept, modify, or interfere with the RF communications to or from the product. This may allow attackers to read sensitive data, change pump settings, or control insulin delivery.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
MiniMed Paradigm Veo 754CM: All versions
MiniMed Paradigm Veo 554CM: All versions
MiniMed Paradigm Veo 554/754: All versions
MiniMed Paradigm 523K/723K: All versions
MiniMed Paradigm 523/723: All versions
MiniMed Paradigm 522K/722K: All versions
MiniMed Paradigm 522/722: All versions
MiniMed Paradigm 712E: All versions
MiniMed Paradigm 512/712: All versions
MiniMed Paradigm 511: All versions
MiniMed 508: All versions
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.