CVE-2022-32537 | Medtronic MiniMed 600 Series Pump System Communication Issue

A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance.

Published: 2022-12-12 Last update: 2026-06-17 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2022-32537 is rated Low Risk (27.5/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.32%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2022-32537

EPSS lead: Daily EPSS estimates the relative likelihood of exploitation; the percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.05% 0.32% +0.27%
2 2025-08-12 0.05% 0.05% +0.01%
3 2025-03-30 0.05%

Full EPSS history (6 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2022-32537

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.8 3.1 MEDIUM
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack vector (AV:A)
Attacker has to be nearby on the network—same office, same link, that vibe—not the whole wide internet.
Attack complexity (AC:H)
Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:L)
A normal user session is enough; they don’t have to be admin.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U)
Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:H)
They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:N)
Service keeps running; no real outage angle.
1.2 3.6 [email protected]
4.8 3.1 MEDIUM
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
1.2 3.6 [email protected]

Weakness enumeration for CVE-2022-32537

GitHub Security Advisory for CVE-2022-32537

GHSA-79c7-fcvq-hwm8 · Severity: medium — A vulnerability exists which could allow an unauthorized user to learn aspects of the...

Affected software / configurations for CVE-2022-32537

Vendor Product Version Raw CPE
medtronic guardian_link_2_transmitter_mmt-7730_firmware cpe:2.3:o:medtronic:guardian_link_2_transmitter_mmt-7730_firmware:-:*:*:*:*:*:*:*
medtronic guardian_link_2_transmitter_mmt-7731_firmware cpe:2.3:o:medtronic:guardian_link_2_transmitter_mmt-7731_firmware:-:*:*:*:*:*:*:*
medtronic guardian_link_2_transmitter_mmt-7738_firmware cpe:2.3:o:medtronic:guardian_link_2_transmitter_mmt-7738_firmware:-:*:*:*:*:*:*:*
medtronic guardian_link_2_transmitter_mmt-7775_firmware cpe:2.3:o:medtronic:guardian_link_2_transmitter_mmt-7775_firmware:-:*:*:*:*:*:*:*
medtronic guardian_link_3_transmitter_mmt-7810_firmware cpe:2.3:o:medtronic:guardian_link_3_transmitter_mmt-7810_firmware:-:*:*:*:*:*:*:*
medtronic guardian_link_3_transmitter_mmt-7811_firmware cpe:2.3:o:medtronic:guardian_link_3_transmitter_mmt-7811_firmware:-:*:*:*:*:*:*:*
medtronic minimed_620g_mmt-1750_firmware cpe:2.3:o:medtronic:minimed_620g_mmt-1750_firmware:-:*:*:*:*:*:*:*
medtronic minimed_630g_mmt-1715_firmware cpe:2.3:o:medtronic:minimed_630g_mmt-1715_firmware:-:*:*:*:*:*:*:*
medtronic minimed_630g_mmt-1754_firmware cpe:2.3:o:medtronic:minimed_630g_mmt-1754_firmware:-:*:*:*:*:*:*:*
medtronic minimed_630g_mmt-1755_firmware cpe:2.3:o:medtronic:minimed_630g_mmt-1755_firmware:-:*:*:*:*:*:*:*
medtronic minimed_640g_mmt-1711_firmware cpe:2.3:o:medtronic:minimed_640g_mmt-1711_firmware:-:*:*:*:*:*:*:*
medtronic minimed_640g_mmt-1712_firmware cpe:2.3:o:medtronic:minimed_640g_mmt-1712_firmware:-:*:*:*:*:*:*:*
medtronic minimed_640g_mmt-1751_firmware cpe:2.3:o:medtronic:minimed_640g_mmt-1751_firmware:-:*:*:*:*:*:*:*
medtronic minimed_640g_mmt-1752_firmware cpe:2.3:o:medtronic:minimed_640g_mmt-1752_firmware:-:*:*:*:*:*:*:*
medtronic minimed_670g_mmt-1740_firmware cpe:2.3:o:medtronic:minimed_670g_mmt-1740_firmware:-:*:*:*:*:*:*:*
medtronic minimed_670g_mmt-1741_firmware cpe:2.3:o:medtronic:minimed_670g_mmt-1741_firmware:-:*:*:*:*:*:*:*
medtronic minimed_670g_mmt-1742_firmware cpe:2.3:o:medtronic:minimed_670g_mmt-1742_firmware:-:*:*:*:*:*:*:*
medtronic minimed_670g_mmt-1760_firmware cpe:2.3:o:medtronic:minimed_670g_mmt-1760_firmware:-:*:*:*:*:*:*:*
medtronic minimed_670g_mmt-1761_firmware cpe:2.3:o:medtronic:minimed_670g_mmt-1761_firmware:-:*:*:*:*:*:*:*
medtronic minimed_670g_mmt-1762_firmware cpe:2.3:o:medtronic:minimed_670g_mmt-1762_firmware:-:*:*:*:*:*:*:*
medtronic minimed_670g_mmt-1780_firmware cpe:2.3:o:medtronic:minimed_670g_mmt-1780_firmware:-:*:*:*:*:*:*:*
medtronic minimed_670g_mmt-1781_firmware cpe:2.3:o:medtronic:minimed_670g_mmt-1781_firmware:-:*:*:*:*:*:*:*
medtronic minimed_670g_mmt-1782_firmware cpe:2.3:o:medtronic:minimed_670g_mmt-1782_firmware:-:*:*:*:*:*:*:*
medtronic mmt-1151_firmware cpe:2.3:o:medtronic:mmt-1151_firmware:-:*:*:*:*:*:*:*
medtronic mmt-1152_firmware cpe:2.3:o:medtronic:mmt-1152_firmware:-:*:*:*:*:*:*:*
medtronic mmt-1351_firmware cpe:2.3:o:medtronic:mmt-1351_firmware:-:*:*:*:*:*:*:*
medtronic mmt-1352_firmware cpe:2.3:o:medtronic:mmt-1352_firmware:-:*:*:*:*:*:*:*
medtronic mmt-7306_firmware cpe:2.3:o:medtronic:mmt-7306_firmware:-:*:*:*:*:*:*:*

References for CVE-2022-32537
