PT-2021-9161 · Insulet · Insulet Omnipod Insulin Management System

Published: 2021-12-01 · Updated: 2023-09-25 · CVE-2020-10627

CVSS v3.1: 7.3 High

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Name of the Vulnerable Software and Affected Versions: Insulet Omnipod Insulin Management System versions with product ID 19191 and 40160

Description: The wireless RF communication protocol used by the Insulet Omnipod Insulin Management System does not properly implement authentication or authorization. This issue could allow an attacker with access to one of the affected insulin pump models to modify and/or intercept data, potentially changing pump settings and controlling insulin delivery.

Recommendations: For Insulet Omnipod Insulin Management System versions with product ID 19191 and 40160, consider restricting access to the wireless RF communication protocol until a proper authentication and authorization mechanism is implemented. As a temporary workaround, restrict physical access to the affected insulin pump models to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2020-10627

Affected Products: Insulet Omnipod Insulin Management System