CVE-2019-10964: Medtronic MiniMed 508 and Paradigm Series Insulin Pumps Improper Access Control

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-10964

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Medtronic MiniMed 508 and Paradigm Series Insulin Pumps Improper Access Control

Source: NVD (National Vulnerability Database)

Vulnerability Description

Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

访问控制不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

多款Medtronic产品访问控制错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Medtronic MiniMed 508 pump等都是美国美敦力（Medtronic）公司的一款胰岛素泵。多款Medtronic产品中存在访问控制错误漏洞。该漏洞源于网络系统或产品未正确限制来自未授权角色的资源访问。以下产品及版本受到影响：MiniMed 508 pump（全部版本）；MiniMed Paradigm 511 pump（全部版本）；MiniMed Paradigm 512/712 pumps（全部版本）；MiniMed Paradigm 712E pump（全部版本）；MiniMed

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
Medtronic	MiniMed 508 pump	All versions	-
Medtronic	MiniMed Paradigm 511 pump	All versions	-
Medtronic	MiniMed Paradigm 512/712 pumps	All versions	-
Medtronic	MiniMed Paradigm 712E pump	All versions	-
Medtronic	MiniMed Paradigm 515/715 pumps	All versions	-
Medtronic	MiniMed Paradigm 522/722 pumps	All versions	-
Medtronic	MiniMed Paradigm 522K/722K pumps	All versions	-
Medtronic	MiniMed Paradigm 523/723 pumps	0 ~ Software Versions 2.4A	-
Medtronic	MiniMed Paradigm 523K/723K pumps	0 ~ Software Versions 2.4A	-
Medtronic	MiniMed Paradigm Veo 554/754 pumps	0 ~ Software Versions 2.6A	-
Medtronic	MiniMed Paradigm Veo 554CM/754CM pumps	0 ~ Software Versions 2.7A	-

II. Public POCs for CVE-2019-10964

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-10964

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same vendor: Medtronic

Same weakness: CWE-284

V. Comments for CVE-2019-10964

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2019-10964

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2019-10964

III. Intelligence Information for CVE-2019-10964

IV. Related Vulnerabilities

V. Comments for CVE-2019-10964

Leave a comment