CVE Vulnerability

CVE-2018-14781

Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the "easy bolus" and "remote bolus" options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.

2.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 5.5 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
http://www.securityfocus.com/bid/105044 Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02 Third Party Advisory US Government Resource
Configurations

Configuration 1
Information

Published : 2018-08-13 09:48

Updated : 2019-10-09 11:35

NVD link : CVE-2018-14781

Mitre link : CVE-2018-14781

Products Affected
No products.
CWE
CWE-287