CVE-2020-10627
Summary
| CVE | CVE-2020-10627 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-12-01 16:15:00 UTC |
| Updated | 2023-09-25 02:30:00 UTC |
| Description | Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Insulet | Omnipod Insulin Management System | 19191 | All | All | All |
| Hardware | Insulet | Omnipod Insulin Management System | 40160 | All | All | All |
| Operating System | Insulet | Omnipod Insulin Management System Firmware | - | All | All | All |
| Hardware | Omnipod | Insulin Management System | 19191 | All | All | All |
| Hardware | Omnipod | Insulin Management System | 40160 | All | All | All |
| Operating System | Omnipod | Insulin Management System Firmware | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Insulet Omnipod | CISA | MISC | us-cert.cisa.gov | |
| Security Bulletins | Omnipod.com | MISC | www.myomnipod.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Thirdwayv Inc. reported this vulnerability to Insulet
There are currently no legacy QID mappings associated with this CVE.