CVE-2022-32537 MEDIUM

CVE-2022-32537: Medtronic MiniMed 600 Series Pump System Communication Issue

Vendor Medtronic
Product Minimed 600 Series Insulin Pump
Weakness CWE-693
Published November 17, 2022
Last update May 7, 2026

CVSS base score

4.8/10
Attack vector Adjacent
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

01Description

A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance

Key dates

02Disclosure timeline

November 17, 2022 CVE published
May 7, 2026 Record updated

Related vulnerabilities

04Related CVE