VAR-201906-1020
Vulnerability from variot - Updated: 2023-12-18 13:52In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, Versions, MiniMed 508 pump – All versions, MiniMed Paradigm 511 pump – All versions, MiniMed Paradigm 512/712 pumps – All versions, MiniMed Paradigm 712E pump–All versions, MiniMed Paradigm 515/715 pumps–All versions, MiniMed Paradigm 522/722 pumps – All versions,MiniMed Paradigm 522K/722K pumps – All versions, MiniMed Paradigm 523/723 pumps – Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps – Software, versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps – Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only – Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. plural Medtronic Minimed The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Medtronic Products are prone to an security-bypass vulnerability. Successful exploits may allow an attacker to bypass certain security restrictions and to perform unauthorized actions; this may aid in launching further attacks. Medtronic MiniMed 508 pump and others are insulin pumps from Medtronic. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-1020",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "minimed paradigm 722k",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 723",
"scope": "lte",
"trust": 1.0,
"vendor": "medtronic",
"version": "2.4a"
},
{
"model": "minimed paradigm 722",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 512",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 712e",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 523",
"scope": "lte",
"trust": 1.0,
"vendor": "medtronic",
"version": "2.4a"
},
{
"model": "minimed paradigm 712",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 511",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed 508",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 723k",
"scope": "lte",
"trust": 1.0,
"vendor": "medtronic",
"version": "2.4a"
},
{
"model": "minimed paradigm veo 554cm",
"scope": "lte",
"trust": 1.0,
"vendor": "medtronic",
"version": "2.7a"
},
{
"model": "minimed paradigm veo 754",
"scope": "lte",
"trust": 1.0,
"vendor": "medtronic",
"version": "2.6a"
},
{
"model": "minimed paradigm veo 754cm",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 715",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 515",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 522",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm 522k",
"scope": "eq",
"trust": 1.0,
"vendor": "medtronic",
"version": "*"
},
{
"model": "minimed paradigm veo 554",
"scope": "lte",
"trust": 1.0,
"vendor": "medtronic",
"version": "2.6a"
},
{
"model": "minimed paradigm 523k",
"scope": "lte",
"trust": 1.0,
"vendor": "medtronic",
"version": "2.4a"
},
{
"model": "minimed 508",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 511",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 512",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 515",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 522",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 522k",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 712",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 712e",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 715",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm 722",
"scope": null,
"trust": 0.8,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm veo 554cm and 754cm models 2.7a",
"scope": null,
"trust": 0.3,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm veo pumps 2.6a",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "554/754"
},
{
"model": "minimed paradigm 712e pump",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "minimed paradigm 523k/723k pumps 2.4a",
"scope": null,
"trust": 0.3,
"vendor": "medtronic",
"version": null
},
{
"model": "minimed paradigm pumps 2.4a",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "523/723"
},
{
"model": "minimed paradigm 522k/722k pumps",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "0"
},
{
"model": "minimed paradigm pumps",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "522/7220"
},
{
"model": "minimed paradigm pumps",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "515/7150"
},
{
"model": "minimed paradigm pumps",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "512/7120"
},
{
"model": "minimed paradigm pump",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "5110"
},
{
"model": "minimed pump",
"scope": "eq",
"trust": 0.3,
"vendor": "medtronic",
"version": "5080"
}
],
"sources": [
{
"db": "BID",
"id": "108926"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"db": "NVD",
"id": "CVE-2019-10964"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_508_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_508:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_511_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_511:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_512_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_512:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_712_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_712:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_712e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_712e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_515_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_515:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_715_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_715:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_522_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_522:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_722_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_722:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_522k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_522k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_722k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_722k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_523_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_523:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_723_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_723:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_523k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_523k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_723k_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.4a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_723k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_veo_554_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.6a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_veo_554:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_veo_754_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.6a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_veo_754:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_veo_554cm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.7a",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_veo_554cm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.7a",
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:medtronic:minimed_paradigm_veo_754cm_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:medtronic:minimed_paradigm_veo_754cm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10964"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nathanael Paul, Jay Radcliffe, Barnaby Jack, Jonathan Butts and Jesse Young, Billy Rios, Medtronic., Jonathan Butts, and Jesse Young",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
],
"trust": 0.6
},
"cve": "CVE-2019-10964",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-10964",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-142563",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-10964",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-10964",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-1080",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142563",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142563"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"db": "NVD",
"id": "CVE-2019-10964"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Medtronic MinMed 508 and Medtronic Minimed Paradigm Insulin Pumps, Versions, MiniMed 508 pump \u2013 All versions, MiniMed Paradigm 511 pump \u2013 All versions, MiniMed Paradigm 512/712 pumps \u2013 All versions, MiniMed Paradigm 712E pump\u2013All versions, MiniMed Paradigm 515/715 pumps\u2013All versions, MiniMed Paradigm 522/722 pumps \u2013 All versions,MiniMed Paradigm 522K/722K pumps \u2013 All versions, MiniMed Paradigm 523/723 pumps \u2013 Software versions 2.4A or lower, MiniMed Paradigm 523K/723K pumps \u2013 Software, versions 2.4A or lower, MiniMed Paradigm Veo 554/754 pumps \u2013 Software versions 2.6A or lower, MiniMed Paradigm Veo 554CM and 754CM models only \u2013 Software versions 2.7A or lower, the affected insulin pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. plural Medtronic Minimed The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Medtronic Products are prone to an security-bypass vulnerability. \nSuccessful exploits may allow an attacker to bypass certain security restrictions and to perform unauthorized actions; this may aid in launching further attacks. Medtronic MiniMed 508 pump and others are insulin pumps from Medtronic. This vulnerability stems from network systems or products not properly restricting access to resources from unauthorized roles",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-10964"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"db": "BID",
"id": "108926"
},
{
"db": "VULHUB",
"id": "VHN-142563"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-10964",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSMA-19-178-01",
"trust": 2.8
},
{
"db": "BID",
"id": "108926",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006089",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1080",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.2351",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-142563",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142563"
},
{
"db": "BID",
"id": "108926"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"db": "NVD",
"id": "CVE-2019-10964"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
]
},
"id": "VAR-201906-1020",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-142563"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:52:16.963000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.medtronicdiabetes.com/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
},
{
"problemtype": "CWE-863",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142563"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"db": "NVD",
"id": "CVE-2019-10964"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-178-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/108926"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-10964"
},
{
"trust": 0.9,
"url": "https://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/medtronic_security_bulletin_diabetes_paradigm_062719_final.pdf"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-10964"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.2351/"
},
{
"trust": 0.3,
"url": "https://www.medtronic.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142563"
},
{
"db": "BID",
"id": "108926"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"db": "NVD",
"id": "CVE-2019-10964"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-142563"
},
{
"db": "BID",
"id": "108926"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"db": "NVD",
"id": "CVE-2019-10964"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-142563"
},
{
"date": "2019-06-27T00:00:00",
"db": "BID",
"id": "108926"
},
{
"date": "2019-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"date": "2019-06-28T21:15:11.007000",
"db": "NVD",
"id": "CVE-2019-10964"
},
{
"date": "2019-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-142563"
},
{
"date": "2019-06-27T00:00:00",
"db": "BID",
"id": "108926"
},
{
"date": "2019-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-006089"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-10964"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Medtronic Minimed Access control vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-006089"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-1080"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…