CVE-2011-3386

Name of the Vulnerable Software and Affected Versions Medtronic Paradigm wireless insulin pump versions 512, 522, 712, and 722

Description The issue allows remote attackers to modify the delivery of an insulin bolus dose, potentially causing adverse human health effects. This can be achieved via unspecified vectors involving wireless communications, provided the attacker has knowledge of the device's serial number. It was demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011. The vendor has disputed the severity, stating that the risk of manipulation is extremely low and that users could detect unauthorized tones on the insulin pump and intervene.

Recommendations For Medtronic Paradigm wireless insulin pump versions 512, 522, 712, and 722, consider restricting access to the device's serial number to minimize the risk of exploitation. As a temporary workaround, users should be vigilant for tones on the insulin pump that weren't intentionally programmed and intervene accordingly. At the moment, there is no information about a newer version that contains a fix for this vulnerability.