{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "MiniMed 508 pump", "vendor": "Medtronic", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unaffected", "product": "MiniMed Paradigm 511 pump", "vendor": "Medtronic", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unaffected", "product": "MiniMed Paradigm 512/712 pumps", "vendor": "Medtronic", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unaffected", "product": "MiniMed Paradigm 712E pump", "vendor": "Medtronic", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unaffected", "product": "MiniMed Paradigm 515/715 pumps", "vendor": "Medtronic", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unaffected", "product": "MiniMed Paradigm 522/722 pumps", "vendor": "Medtronic", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unaffected", "product": "MiniMed Paradigm 522K/722K pumps", "vendor": "Medtronic", "versions": [ { "status": "affected", "version": "All versions" } ] }, { "defaultStatus": "unaffected", "product": "MiniMed Paradigm 523/723 pumps", "vendor": "Medtronic", "versions": [ { "lessThanOrEqual": "Software Versions 2.4A", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "MiniMed Paradigm 523K/723K pumps", "vendor": "Medtronic", "versions": [ { "lessThanOrEqual": "Software Versions 2.4A", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "MiniMed Paradigm Veo 554/754 pumps", "vendor": "Medtronic", "versions": [ { "lessThanOrEqual": "Software Versions 2.6A", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "defaultStatus": "unaffected", "product": "MiniMed Paradigm Veo 554CM/754CM pumps", "vendor": "Medtronic", "versions": [ { "lessThanOrEqual": "Software Versions 2.7A", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Based on earlier work performed by external researchers including Nathanael Paul, Jay Radcliffe, and Barnaby Jack, and from recent work performed by external researchers Billy Rios, Jonathan Butts, and Jesse Young, Medtronic performed additional variant analysis and reported this vulnerability" } ], "datePublic": "2019-06-27T06:00:00.000Z", "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "
\n\nMedtronic MiniMed Insulin Pumps\n\n are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.
" } ], "value": "Medtronic MiniMed Insulin Pumps\n\n are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-05-22T18:29:15.376Z" }, "references": [ { "url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed-508-paradigm.html" }, { "name": "108926", "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-178-01" }, { "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/108926" } ], "source": { "advisory": "ICSMA-19-178-01", "discovery": "INTERNAL" }, "title": "Medtronic MiniMed 508 and Paradigm Series Insulin Pumps Improper Access Control", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Medtronic recommends U.S. patients who are currently using the affected products talk to their healthcare provider about changing to a newer model insulin pump with increased cybersecurity protection. Patients outside the U.S. will receive a notification letter with instructions based on the country where they live.
Medtronic recommends all patients take the cybersecurity precautions indicated below.
CYBERSECURITY PRECAUTIONS RECOMMENDED FOR ALL PATIENTS:
Medtronic has released additional patient-focused information, at the following location:
https://www.medtronic.com/security
\n\n