Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for mmt-1352_firmware by medtronic

    CVE-2022-32537 (GCVE-0-2022-32537)

    Vulnerability from nvd – Published: 2022-11-17 20:47 – Updated: 2026-05-07 14:30
    VLAI
    Title
    Medtronic MiniMed 600 Series Pump System Communication Issue
    Summary
    A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Medtronic Minimed 600 Series Insulin Pump Affected: 620G, 630G, 640G, 670G
    Create a notification for this product.
    Date Public
    2022-09-20 19:31
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:43.499Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-263-01"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed-600-series-communication-issue.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32537",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T14:44:04.441292Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T14:44:21.348Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Minimed 600 Series Insulin Pump",
              "vendor": "Medtronic",
              "versions": [
                {
                  "status": "affected",
                  "version": "620G, 630G, 640G, 670G"
                }
              ]
            }
          ],
          "datePublic": "2022-09-20T19:31:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T14:30:25.630Z",
            "orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
            "shortName": "Medtronic"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-22-263-01"
            },
            {
              "url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/minimed-600-series-communication-issue.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Medtronic MiniMed 600 Series Pump System Communication Issue",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
        "assignerShortName": "Medtronic",
        "cveId": "CVE-2022-32537",
        "datePublished": "2022-11-17T20:47:05.258Z",
        "dateReserved": "2022-06-07T21:26:39.432Z",
        "dateUpdated": "2026-05-07T14:30:25.630Z",
        "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-32537 (GCVE-0-2022-32537)

    Vulnerability from cvelistv5 – Published: 2022-11-17 20:47 – Updated: 2026-05-07 14:30
    VLAI
    Title
    Medtronic MiniMed 600 Series Pump System Communication Issue
    Summary
    A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Medtronic Minimed 600 Series Insulin Pump Affected: 620G, 630G, 640G, 670G
    Create a notification for this product.
    Date Public
    2022-09-20 19:31
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T07:46:43.499Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-22-263-01"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed-600-series-communication-issue.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-32537",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-29T14:44:04.441292Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-29T14:44:21.348Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Minimed 600 Series Insulin Pump",
              "vendor": "Medtronic",
              "versions": [
                {
                  "status": "affected",
                  "version": "620G, 630G, 640G, 670G"
                }
              ]
            }
          ],
          "datePublic": "2022-09-20T19:31:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance\u003cbr\u003e"
                }
              ],
              "value": "A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-693",
                  "description": "CWE-693",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-07T14:30:25.630Z",
            "orgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
            "shortName": "Medtronic"
          },
          "references": [
            {
              "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-22-263-01"
            },
            {
              "url": "https://www.medtronic.com/en-us/e/product-security/security-bulletins/minimed-600-series-communication-issue.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Medtronic MiniMed 600 Series Pump System Communication Issue",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3c337f33-b2bd-4529-9792-f48cdb2838b4",
        "assignerShortName": "Medtronic",
        "cveId": "CVE-2022-32537",
        "datePublished": "2022-11-17T20:47:05.258Z",
        "dateReserved": "2022-06-07T21:26:39.432Z",
        "dateUpdated": "2026-05-07T14:30:25.630Z",
        "requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }