CVE Vulnerability

CVE-2020-10627

Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.

4.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 6.5 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

8.1 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsma-20-079-01 Third Party Advisory US Government Resource
https://www.myomnipod.com/security-bulletins Vendor Advisory
Configurations

Configuration 1
Information

Published : 2021-12-01 04:15

Updated : 2022-10-25 04:12

NVD link : CVE-2020-10627

Mitre link : CVE-2020-10627

Products Affected

Insulin Management System Firmware

Omnipod

CWE
NVD-CWE-Other