Cleartext Communication Vulnerability in Medtronic Insulin Pumps
CVE-2018-10634

5.3MEDIUM

Key Information:

Vendor: Medtronic
Status: Mmt- 508 - Minimed Pump; Mmt – 511 Pump Paradigm; Mmt – 512 / Mmt – 712 Paradigm X12; Mmt – 515 / Mmt – 715 Paradigm X15
Vendor: CVE Published:; 13 August 2018

What is CVE-2018-10634?

The Medtronic MMT 508 MiniMed insulin pumps and select Paradigm models expose sensitive communication between the devices and their wireless accessories by transmitting data in cleartext. This design flaw allows an attacker with the necessary expertise to intercept and analyze these communications to extract confidential information, including device serial numbers, potentially compromising user privacy and security.

Affected Version(s)

MMT – 511 pump Paradigm All versions

MMT – 512 / MMT – 712 Paradigm x12 All versions

MMT – 515 / MMT – 715 Paradigm x15 All versions

References

https://global.medtronic.com/xg-en/product-security/secur...

https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02

http://www.securityfocus.com/bid/105044

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2018
Vulnerability Reserved
May 1, 2018

JSON