CVE-2022-32537

Name: CVE-2022-32537
Creator: NVD / NIST
Published: 2022-12-12T13:15:12.263+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.8/10EPSS 0.32%

Last modified Jun 17, 2026

CVE-2022-32537 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. EPSS estimates a 0.32% chance of exploitation in the next 30 days.

Description

A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance

Metrics

CVSS 3.1

4.8/10

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS Probability

0.32%

23.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-693

Affected Software

Vendor	Product	Versions
Medtronic	Guardian Link 2 Transmitter Mmt-7730 Firmware	All versions
Medtronic	Guardian Link 2 Transmitter Mmt-7731 Firmware	All versions
Medtronic	Guardian Link 2 Transmitter Mmt-7738 Firmware	All versions
Medtronic	Guardian Link 2 Transmitter Mmt-7775 Firmware	All versions
Medtronic	Guardian Link 3 Transmitter Mmt-7810 Firmware	All versions
Medtronic	Guardian Link 3 Transmitter Mmt-7811 Firmware	All versions
Medtronic	Minimed 620g Mmt-1750 Firmware	All versions
Medtronic	Minimed 630g Mmt-1715 Firmware	All versions
Medtronic	Minimed 630g Mmt-1754 Firmware	All versions
Medtronic	Minimed 630g Mmt-1755 Firmware	All versions
Medtronic	Minimed 640g Mmt-1711 Firmware	All versions
Medtronic	Minimed 640g Mmt-1712 Firmware	All versions
Medtronic	Minimed 640g Mmt-1751 Firmware	All versions
Medtronic	Minimed 640g Mmt-1752 Firmware	All versions
Medtronic	Minimed 670g Mmt-1740 Firmware	All versions
Medtronic	Minimed 670g Mmt-1741 Firmware	All versions
Medtronic	Minimed 670g Mmt-1742 Firmware	All versions
Medtronic	Minimed 670g Mmt-1760 Firmware	All versions
Medtronic	Minimed 670g Mmt-1761 Firmware	All versions
Medtronic	Minimed 670g Mmt-1762 Firmware	All versions
Medtronic	Minimed 670g Mmt-1780 Firmware	All versions
Medtronic	Minimed 670g Mmt-1781 Firmware	All versions
Medtronic	Minimed 670g Mmt-1782 Firmware	All versions
Medtronic	Mmt-1151 Firmware	All versions
Medtronic	Mmt-1152 Firmware	All versions
Medtronic	Mmt-1351 Firmware	All versions
Medtronic	Mmt-1352 Firmware	All versions
Medtronic	Mmt-7306 Firmware	All versions

References

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-22-263-01
https://www.medtronic.com/en-us/e/product-security/security-bulletins/minimed-600-series-communication-issue.html
https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed-600-series-communication-issue.htmlMitigation, Vendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsma-22-263-01Third Party Advisory, US Government Resource

Timeline

Published: Dec 12, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-32537?

How severe is CVE-2022-32537?

CVE-2022-32537 has a CVSS score of 4.8/10 (MEDIUM severity). The EPSS model estimates a 0.32% probability of exploitation in the next 30 days.

How do I fix CVE-2022-32537?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-32537?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST