CVE-2011-3386 : Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522,

Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device's serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011. NOTE: the vendor has disputed the severity of this issue, saying "we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren't intentionally programmed and could intervene accordingly."

Published 2011-09-02 23:55:05

Updated 2017-08-29 01:30:11

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2011-3386

Medtronic » Paradigm Wireless Insulin Pump » Version: 722
cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:722:*:*:*:*:*:*:*
Matching versions
Medtronic » Paradigm Wireless Insulin Pump » Version: 512
cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:512:*:*:*:*:*:*:*
Matching versions
Medtronic » Paradigm Wireless Insulin Pump » Version: 522
cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:522:*:*:*:*:*:*:*
Matching versions
Medtronic » Paradigm Wireless Insulin Pump » Version: 712
cpe:2.3:h:medtronic:paradigm_wireless_insulin_pump:712:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2011-3386

EPSS FAQ

3.76%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 91 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-3386

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.0	MEDIUM	AV:N/AC:H/Au:N/C:N/I:P/A:P	4.9	4.9	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

References for CVE-2011-3386

https://exchange.xforce.ibmcloud.com/vulnerabilities/69643

Medtronic Paradigm wireless insulin pump denial of service CVE-2011-3386 Vulnerability Report
http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html

Six Until Me.: Hacked: Jay Radcliffe, Insulin Pumps, and Diabetes Sensationalism.
http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html

Getting Root On The Human Body
http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces

Insulin Pumps Vulnerable to Hacking | Fox News
http://www.informationweek.com/news/security/vulnerabilities/231600265

InformationWeek, serving the information needs of the Business Technology Community
http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx

Hackers can kill Diabetics with Insulin Pumps from a half mile away - Um, no. Facts vs. Journalistic Fear mongering - Scott Hanselman
http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/

Not Found
http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR

Medtronicdiabetes :: Page Not Found | Medtronic Diabetes

Jump to

Vulnerability Details : CVE-2011-3386

Products affected by CVE-2011-3386

Exploit prediction scoring system (EPSS) score for CVE-2011-3386

CVSS scores for CVE-2011-3386

References for CVE-2011-3386