CVE-2022-32537
Description
A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
References
- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-22-263-01
- https://www.medtronic.com/en-us/e/product-security/security-bulletins/minimed-600-series-communication-issue.html
- https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed-600-series-communication-issue.html
- https://www.cisa.gov/uscert/ics/advisories/icsma-22-263-01
CWEs
CWE-693
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.