{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MMT- 508 - MiniMed pump", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 511 pump Paradigm", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 512 / MMT \u2013 712 Paradigm x12", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 515 / MMT \u2013 715 Paradigm x15", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 522 / MMT \u2013 722 Paradigm REAL-TIME", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 522(K) / MMT \u2013 722(K) Paradigm REAL-TIME", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 523 / MMT \u2013 723 Paradigm Revel", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 523(K) / MMT \u2013 723(K) Paradigm", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 554 / MMT \u2013 754 MiniMed Veo", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 551 / MMT \u2013 751 MiniMed 530G", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities to CISA."}], "datePublic": "2018-08-08T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.</span>\n\n</p>"}], "value": "Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-05-22T16:28:03.155Z"}, "references": [{"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html"}, {"name": "105044", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"}, {"tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/105044"}], "source": {"advisory": "ICSMA-18-219-02", "discovery": "EXTERNAL"}, "title": "Medtronic MiniMed MMT-500/MMT-503 Remote Controllers Cleartext Transmission of Sensitive Information", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The remote option is turned off in the pump by default. &nbsp;</p><p>Medtronic is directing all users to stop using their remote controllers, disable the remote option on their insulin pump, and to return the remote controllers to Medtronic. </p><p>Medtronic has released <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\">additional patient focused information</a>.</p><p>Additionally, Medtronic will be sending a letter to patients who may still be actively using the remotes in order to inform patients about these security risks, and request patients stop using the remote and return them to Medtronic. </p>"}], "value": "The remote option is turned off in the pump by default. \u00a0\n\nMedtronic is directing all users to stop using their remote controllers, disable the remote option on their insulin pump, and to return the remote controllers to Medtronic. \n\nMedtronic has released additional patient focused information https://www.medtronic.com/security .\n\nAdditionally, Medtronic will be sending a letter to patients who may still be actively using the remotes in order to inform patients about these security risks, and request patients stop using the remote and return them to Medtronic."}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-08-08T00:00:00", "ID": "CVE-2018-10634", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Medtronic insulin pump", "version": {"version_data": [{"version_value": "MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G"}]}}]}, "vendor_name": "ICS-CERT"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"}, {"name": "105044", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105044"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:46:46.358Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"}, {"name": "105044", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105044"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-10634", "datePublished": "2018-08-13T22:00:00.000Z", "dateReserved": "2018-05-01T00:00:00.000Z", "dateUpdated": "2025-05-22T16:28:03.155Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-523k_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B4F654-D6B5-4A10-983B-F80EA8F9D99A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-523k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2404EE2B-F712-4232-A382-20399B78A9A9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-723k_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8587878-D7E8-42B8-A8C0-236243E37458", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-723k:-:*:*:*:*:*:*:*", "matchCriteriaId": "555610AE-696A-4673-9B95-0D095E453911", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-723_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA9287D2-C190-456C-8CEA-BCF2A02AD487", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-723:-:*:*:*:*:*:*:*", "matchCriteriaId": "19BD65EB-7A85-45B8-BB93-11E417F4181C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_530g_mmt-551_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEA918D3-42B6-484B-B643-E7AE49153F53", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_530g_mmt-551:-:*:*:*:*:*:*:*", "matchCriteriaId": "249E8C9C-AB48-4A8D-A2AC-F7EE6917DDF9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_paradigm_real-time_mmt-522_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "75E6FAB6-E13B-4294-8BED-5F976B3E6ABE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_paradigm_real-time_mmt-522:-:*:*:*:*:*:*:*", "matchCriteriaId": "C3C573F8-6C1E-409A-9DF5-CEA6EC2796ED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_paradigm_real-time_mmt-722_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEA193F7-05B7-41A6-866E-136AB56314D6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_paradigm_real-time_mmt-722:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB40167D-EDF2-403B-8C72-C71DA21EE450", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_530g_mmt-751_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC43E0A3-7036-480A-BAE7-D6396FA13ECF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_530g_mmt-751:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDE3998E-D031-46D8-BC10-D9001D6F704C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-523_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "769B8111-BCCB-456F-8795-757CBE6CFEB6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-523:-:*:*:*:*:*:*:*", "matchCriteriaId": "299B0182-88F8-4025-97AB-BCB1EB1BACE3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_paradigm_508_insulin_pump_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8CF5E75-66A5-4561-B0C5-D702311C5D4F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_paradigm_508_insulin_pump:-:*:*:*:*:*:*:*", "matchCriteriaId": "11487034-50C2-45AE-AF55-28DFCA1F51B5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers."}, {"lang": "es", "value": "En la v\u00e1lvula de insulina de Medtronic MMT 508 MiniMed, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel y 551 / MMT - 751 MiniMed 530G, las comunicaciones entre la v\u00e1lvula y los accesorios inal\u00e1mbricos se transmiten en texto claro. Un atacante suficientemente h\u00e1bil podr\u00eda capturar estas transmisiones y extraer informaci\u00f3n sensible, como los n\u00fameros de serie de los dispositivos."}], "id": "CVE-2018-10634", "lastModified": "2025-05-22T17:15:21.460", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2018-08-13T21:47:59.040", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105044"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105044"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}