Cleartext Communication Vulnerability in Medtronic Insulin Pumps
CVE-2018-10634

5.3MEDIUM

Key Information:

Vendor

Medtronic

Status
Mmt- 508 - Minimed Pump
Mmt – 511 Pump Paradigm
Mmt – 512 / Mmt – 712 Paradigm X12
Mmt – 515 / Mmt – 715 Paradigm X15
Vendor
CVE Published:
13 August 2018

What is CVE-2018-10634?

The Medtronic MMT 508 MiniMed insulin pumps and select Paradigm models expose sensitive communication between the devices and their wireless accessories by transmitting data in cleartext. This design flaw allows an attacker with the necessary expertise to intercept and analyze these communications to extract confidential information, including device serial numbers, potentially compromising user privacy and security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MMT – 511 pump Paradigm All versions

MMT – 512 / MMT – 712 Paradigm x12 All versions

MMT – 515 / MMT – 715 Paradigm x15 All versions

References

https://global.medtronic.com/xg-en/product-security/secur...
https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02
http://www.securityfocus.com/bid/105044
vdb-entry

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.