← Back

CVE-2020-10627

nvd nist
Published: Dec 1, 2021Modified: Nov 21, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 / Impact: 5.2
Source: NVD

Description

Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.

Affected (1)

Insulet
1 product
Omnipod Insulin Management System Firmware
Configuration A
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Omnipod Insulin Management System Firmware
All versions
Running on/withPlatform Versions
Insulet
Omnipod Insulin Management System
Version 19191
Insulet
Omnipod Insulin Management System
Version 40160

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: ics-cert@hq.dhs.gov
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.