Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the "easy bolus" and "remote bolus" options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.

Metrics

No CVSS v4.0

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:A/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Medtronicdiabetes
  • 508 Minimed Insulin Pump
  • 508 Minimed Insulin Pump Firmware
  • 522 Paradigm Real-time
  • 522 Paradigm Real-time Firmware
  • 523 Paradigm Revel
  • 523 Paradigm Revel Firmware
  • 523k Paradigm Revel
  • 523k Paradigm Revel Firmware
  • 551 Minimed 530g
  • 551 Minimed 530g Firmware
  • 722 Paradigm Real-time
  • 722 Paradigm Real-time Firmware
  • 723 Paradigm Revel
  • 723 Paradigm Revel Firmware
  • 723k Paradigm Revel
  • 723k Paradigm Revel Firmware
  • 751 Minimed 530g
  • 751 Minimed 530g Firmware

Configuration 1 [-]

AND
cpe:2.3:o:medtronicdiabetes:508_minimed_insulin_pump_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:508_minimed_insulin_pump:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:medtronicdiabetes:522_paradigm_real-time_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:522_paradigm_real-time:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:medtronicdiabetes:722_paradigm_real-time_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:722_paradigm_real-time:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:medtronicdiabetes:523_paradigm_revel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:523_paradigm_revel:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:medtronicdiabetes:723_paradigm_revel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:723_paradigm_revel:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:medtronicdiabetes:523k_paradigm_revel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:523k_paradigm_revel:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:medtronicdiabetes:723k_paradigm_revel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:723k_paradigm_revel:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:medtronicdiabetes:551_minimed_530g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:551_minimed_530g:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:medtronicdiabetes:751_minimed_530g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:751_minimed_530g:-:*:*:*:*:*:*:*

No data.

References
Link Providers
http://www.securityfocus.com/bid/105044 cve-icon cve-icon
https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2018-08-13T22:00:00Z

Updated: 2024-09-17T03:43:42.929Z

Reserved: 2018-08-01T00:00:00

Link: CVE-2018-14781

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-08-13T21:48:01.227

Modified: 2019-10-09T23:35:11.500

Link: CVE-2018-14781

cve-icon Redhat

No data.