CVE-2019-10964

Name: CVE-2019-10964
Creator: NVD / NIST
Published: 2019-06-28T21:15:11.007+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.1/10EPSS 1.16%

Last modified Jun 17, 2026

CVE-2019-10964 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. EPSS estimates a 1.16% chance of exploitation in the next 30 days.

Description

Medtronic MiniMed Insulin Pumps are designed to communicate using a wireless RF with other devices, such as blood glucose meters, glucose sensor transmitters, and CareLink USB devices. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with adjacent access to one of the affected insulin pump models can inject, replay, modify, and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.

Metrics

CVSS 3.1

7.1/10

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H

EPSS Probability

1.16%

63.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Medtronic	Minimed 508 Firmware	All versions
Medtronic	Minimed Paradigm 511 Firmware	All versions
Medtronic	Minimed Paradigm 512 Firmware	All versions
Medtronic	Minimed Paradigm 712 Firmware	All versions
Medtronic	Minimed Paradigm 712e Firmware	All versions
Medtronic	Minimed Paradigm 515 Firmware	All versions
Medtronic	Minimed Paradigm 715 Firmware	All versions
Medtronic	Minimed Paradigm 522 Firmware	All versions
Medtronic	Minimed Paradigm 722 Firmware	All versions
Medtronic	Minimed Paradigm 522k Firmware	All versions
Medtronic	Minimed Paradigm 722k Firmware	All versions
Medtronic	Minimed Paradigm 523 Firmware	<= 2.4a
Medtronic	Minimed Paradigm 723 Firmware	<= 2.4a
Medtronic	Minimed Paradigm 523k Firmware	<= 2.4a
Medtronic	Minimed Paradigm 723k Firmware	<= 2.4a
Medtronic	Minimed Paradigm Veo 554 Firmware	<= 2.6a
Medtronic	Minimed Paradigm Veo 754 Firmware	<= 2.6a
Medtronic	Minimed Paradigm Veo 554cm Firmware	<= 2.7a
Medtronic	Minimed Paradigm Veo 754cm Firmware	All versions

References

http://www.securityfocus.com/bid/108926Third Party Advisory, VDB Entry
https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed-508-paradigm.html
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-178-01
http://www.securityfocus.com/bid/108926Third Party Advisory, VDB Entry
https://www.us-cert.gov/ics/advisories/icsma-19-178-01Third Party Advisory, US Government Resource

Timeline

Published: Jun 28, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-10964?

How severe is CVE-2019-10964?

CVE-2019-10964 has a CVSS score of 7.1/10 (HIGH severity). The EPSS model estimates a 1.16% probability of exploitation in the next 30 days.

How do I fix CVE-2019-10964?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-10964?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST