NVD

Id
10038  
Name
CVE-2011-3386  
Description
Unspecified vulnerability in Medtronic Paradigm wireless insulin pump 512, 522, 712, and 722 allows remote attackers to modify the delivery of an insulin bolus dose and cause a denial of service (adverse human health effects) via unspecified vectors involving wireless communications and knowledge of the device"s serial number, as demonstrated by Jerome Radcliffe at the Black Hat USA conference in August 2011. NOTE: the vendor has disputed the severity of this issue, saying "we believe the risk of deliberate, malicious, or unauthorized manipulation of medical devices is extremely low... we strongly believe it would be extremely difficult for a third-party to wirelessly tamper with your insulin pump... you would be able to detect tones on the insulin pump that weren"t intentionally programmed and could intervene accordingly."  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
4.9  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:N/I:P/A:P)  
Pub Date
2017-01-07  
Published
2011-09-02  
Modified Date
2011-09-12  
Seq
2011-3386  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
57558 10038 CVE-2011-3386 http://sixuntilme.com/blog2/2011/08/hacked_jay_radcliffe_insulin_p.html  View
57559 10038 CVE-2011-3386 http://www.darkreading.com/security/vulnerabilities/231300312/getting-root-on-the-human-body.html  View
57560 10038 CVE-2011-3386 http://www.foxnews.com/scitech/2011/08/04/insulin-pumps-vulnerable-to-hacking/?test=faces  View
57561 10038 CVE-2011-3386 http://www.hanselman.com/blog/HackersCanKillDiabeticsWithInsulinPumpsFromAHalfMileAwayUmNoFactsVsJournalisticFearMongering.aspx  View
57562 10038 CVE-2011-3386 http://www.informationweek.com/news/security/vulnerabilities/231600265  View
57563 10038 CVE-2011-3386 http://www.loop-blog.com/Blog_Full_Post?id=a09C000000Dbz3JIAR  View
57564 10038 CVE-2011-3386 http://www.scmagazineus.com/black-hat-insulin-pumps-can-be-hacked/article/209106/  View
57565 10038 CVE-2011-3386 paradigm-insulin-pump-dos(69643)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
34643 JVNDB-2011-004885 Medtronic Paradigm ワイヤレスインシュリンポンプにおけるサービス運用妨害 (DoS) の脆弱性 Medtronic Paradigm ワイヤレスインシュリンポンプには、インシュリンボーラス投与量を変更し、サービス運用妨害 (有害な人間健康への影響) 状態となる脆弱性が存在します。 CVE-2011-3386 51293 CVE-2011-3386 10038 4 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-004885.html 2011-09-02 2012-03-27 View