PT-2019-12105 · Medtronic · Minimed Paradigm 523/723+10
Published: 2019-06-28 · Updated: 2020-08-24 · CVE-2019-10964
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Medtronic MiniMed 508: all versions
Medtronic Minimed Paradigm Insulin Pumps: all versions
MiniMed Paradigm 511 pump: all versions
MiniMed Paradigm 512/712 pumps: all versions
MiniMed Paradigm 712E pump: all versions
MiniMed Paradigm 515/715 pumps: all versions
MiniMed Paradigm 522/722 pumps: all versions
MiniMed Paradigm 522K/722K pumps: all versions
MiniMed Paradigm 523/723 pumps: versions 2.4A or lower
MiniMed Paradigm 523K/723K pumps: versions 2.4A or lower
MiniMed Paradigm Veo 554/754 pumps: versions 2.6A or lower
MiniMed Paradigm Veo 554CM and 754CM models only: versions 2.7A or lower
Description
The affected insulin pumps use a wireless RF communication protocol that does not properly implement authentication or authorization. This allows an attacker with adjacent access to inject, replay, modify, and/or intercept data, potentially changing pump settings and controlling insulin delivery.
Recommendations
For Medtronic MiniMed 508, update the software to a version that properly implements authentication and authorization.
For MiniMed Paradigm 511 pump, update the software to a version that properly implements authentication and authorization.
For MiniMed Paradigm 512/712 pumps, update the software to a version that properly implements authentication and authorization.
For MiniMed Paradigm 712E pump, update the software to a version that properly implements authentication and authorization.
For MiniMed Paradigm 515/715 pumps, update the software to a version that properly implements authentication and authorization.
For MiniMed Paradigm 522/722 pumps, update the software to a version that properly implements authentication and authorization.
For MiniMed Paradigm 522K/722K pumps, update the software to a version that properly implements authentication and authorization.
For MiniMed Paradigm 523/723 pumps versions 2.4A or lower, update the software to a version higher than 2.4A.
For MiniMed Paradigm 523K/723K pumps versions 2.4A or lower, update the software to a version higher than 2.4A.
For MiniMed Paradigm Veo 554/754 pumps versions 2.6A or lower, update the software to a version higher than 2.6A.
For MiniMed Paradigm Veo 554CM and 754CM models only versions 2.7A or lower, update the software to a version higher than 2.7A.
Fix
Improper Access Control
Improper Authentication
Incorrect Authorization
Related Identifiers
Affected Products
Medtronic Minimed 508
Minimed Paradigm 511
Minimed Paradigm 512/712
Minimed Paradigm 515/715
Minimed Paradigm 522/722
Minimed Paradigm 523/723
Minimed Paradigm 712E
Minimed Paradigm Insulin Pumps
Minimed Paradigm Veo 554/754
Minimed Paradigm Veo 554CM
Minimed Paradigm Veo 754CM