8.8

CVE-2019-10964

Medtronic MiniMed 508 and Paradigm Series Insulin Pumps Improper Access Control

Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.
Data is provided by the National Vulnerability Database (NVD).
No warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 1.16% | 0.631 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 5.8 | 6.5 | 6.4 | AV:A/AC:L/Au:N/C:P/I:P/A:P |
| ics-cert@hq.dhs.gov | 7.1 | 1.6 | 5.5 | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H |

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

http://www.securityfocus.com/bid/108926 (Third Party Advisory, VDB Entry)
https://www.us-cert.gov/ics/advisories/icsma-19-178-01 (Third Party Advisory, US Government Resource)
https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed-508-paradigm.html
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-178-01