QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2020-10627

Back to search

CVE-2020-10627

Published: Dec 1, 2021

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

7.3

HIGH

Description

Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery.

VendorProductVersions

Insulet

Omnipod Insulin Management System

affected
19191
affected
40160
affected
ZXP425
affected
ZXR425

Weaknesses (CWE)

CWE-284

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

Low

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now