CVE-2020-10627
Last modified
CVE-2020-10627 is a high-severity vulnerability rated 8.1/10 on the CVSS scale. Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. EPSS estimates a 0.48% chance of exploitation in the next 30 days.
Description
Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Insulet | Omnipod Insulin Management System Firmware | All versions |
References
- https://us-cert.cisa.gov/ics/advisories/icsma-20-079-01Third Party Advisory, US Government Resource
- https://www.myomnipod.com/security-bulletinsVendor Advisory
- https://us-cert.cisa.gov/ics/advisories/icsma-20-079-01Third Party Advisory, US Government Resource
- https://www.myomnipod.com/security-bulletinsVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-10627?
How severe is CVE-2020-10627?
How do I fix CVE-2020-10627?
Are you affected by CVE-2020-10627?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST