Insulet Omnipod RF Authentication Vulnerability

Summary

Insulet Corp. has released details of an improper access control vulnerability affecting their Omnipod Insulin Management System (IMS) products. They claim that an unauthenticated user could exploit this vulnerability to intercept or modify sensitive data, or alter system settings.


Affected platforms

The following platforms are known to be affected:

  • Insulet Omnipod IMS:
    • Product ID - 19191 and 40160
    • UDI/Model/NDC - ZXP425 (10-Pack) and ZXR425 (10-Pack Canada)

Threat details

The vulnerability is a result of the RF communication protocol used by Omnipod IMS products not properly authenticating or authorising inputs. An attacker in radio-frequency (RF) range could submit malicious commands to an affected system to change pump and insulin delivery settings, or modify patient data sent from the system.

For further information:


Remediation steps

Insulet Corp. recommends that affected organisations review its security bulletin, apply any necessary workarounds, and contact their relevant suppliers.



CVE Vulnerabilities

Last edited: 29 June 2021 12:01 pm