CVE-2022-32537 — MEDIUM (4.8)

Vulnerability Description

A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Medtronic	Guardian Link 2 Transmitter Mmt-7730 Firmware	-
Medtronic	Guardian Link 2 Transmitter Mmt-7730	-
Medtronic	Guardian Link 2 Transmitter Mmt-7731 Firmware	-
Medtronic	Guardian Link 2 Transmitter Mmt-7731	-
Medtronic	Guardian Link 2 Transmitter Mmt-7738 Firmware	-
Medtronic	Guardian Link 2 Transmitter Mmt-7738	-
Medtronic	Guardian Link 2 Transmitter Mmt-7775 Firmware	-
Medtronic	Guardian Link 2 Transmitter Mmt-7775	-
Medtronic	Guardian Link 3 Transmitter Mmt-7810 Firmware	-
Medtronic	Guardian Link 3 Transmitter Mmt-7810	-
Medtronic	Guardian Link 3 Transmitter Mmt-7811 Firmware	-
Medtronic	Guardian Link 3 Transmitter Mmt-7811	-
Medtronic	Minimed 620G Mmt-1750 Firmware	-
Medtronic	Minimed 620G Mmt-1750	-
Medtronic	Minimed 630G Mmt-1715 Firmware	-
Medtronic	Minimed 630G Mmt-1715	-
Medtronic	Minimed 630G Mmt-1754 Firmware	-
Medtronic	Minimed 630G Mmt-1754	-
Medtronic	Minimed 630G Mmt-1755 Firmware	-
Medtronic	Minimed 630G Mmt-1755	-

Related Weaknesses (CWE)

CWE-693

References

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-22-263-01
https://www.medtronic.com/en-us/e/product-security/security-bulletins/minimed-60
https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed-6MitigationVendor Advisory
https://www.cisa.gov/uscert/ics/advisories/icsma-22-263-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2022-32537?

CVE-2022-32537 is a vulnerability with a CVSS score of 4.8 (MEDIUM). A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components....

How severe is CVE-2022-32537?

CVE-2022-32537 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-32537?

Check the references section above for vendor advisories and patch information. Affected products include: Medtronic Guardian Link 2 Transmitter Mmt-7730 Firmware, Medtronic Guardian Link 2 Transmitter Mmt-7730, Medtronic Guardian Link 2 Transmitter Mmt-7731 Firmware, Medtronic Guardian Link 2 Transmitter Mmt-7731, Medtronic Guardian Link 2 Transmitter Mmt-7738 Firmware.