Lucene search

IcscertCVE-2018-14781

HistoryAug 13, 2018 - 10:00 p.m.

CVE-2018-14781

2018-08-1322:00:00

CWE-294

CWE-287

icscert

web.nvd.nist.gov

cve-2018-14781

medtronic

mmt 508

mmt 722

mmt 723

mmt 723k

mmt 751

paradigm real-time

paradigm revel

insulin pump

capture-replay attack

wireless vulnerability

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

30.5%

JSON

Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.

Affected configurations

Nvd

Node

medtronicdiabetes508_minimed_insulin_pump_firmwareMatch-

AND

medtronicdiabetes508_minimed_insulin_pumpMatch-

Node

medtronicdiabetes522_paradigm_real-time_firmwareMatch-

AND

medtronicdiabetes522_paradigm_real-timeMatch-

Node

medtronicdiabetes722_paradigm_real-time_firmwareMatch-

AND

medtronicdiabetes722_paradigm_real-timeMatch-

Node

medtronicdiabetes523_paradigm_revel_firmwareMatch-

AND

medtronicdiabetes523_paradigm_revelMatch-

Node

medtronicdiabetes723_paradigm_revel_firmwareMatch-

AND

medtronicdiabetes723_paradigm_revelMatch-

Node

medtronicdiabetes523k_paradigm_revel_firmwareMatch-

AND

medtronicdiabetes523k_paradigm_revelMatch-

Node

medtronicdiabetes723k_paradigm_revel_firmwareMatch-

AND

medtronicdiabetes723k_paradigm_revelMatch-

Node

medtronicdiabetes551_minimed_530g_firmwareMatch-

AND

medtronicdiabetes551_minimed_530gMatch-

Node

medtronicdiabetes751_minimed_530g_firmwareMatch-

AND

medtronicdiabetes751_minimed_530gMatch-

VendorProductVersionCPE
medtronicdiabetes508_minimed_insulin_pump_firmware-cpe:2.3:o:medtronicdiabetes:508_minimed_insulin_pump_firmware:-:*:*:*:*:*:*:*
medtronicdiabetes508_minimed_insulin_pump-cpe:2.3:h:medtronicdiabetes:508_minimed_insulin_pump:-:*:*:*:*:*:*:*
medtronicdiabetes522_paradigm_real-time_firmware-cpe:2.3:o:medtronicdiabetes:522_paradigm_real-time_firmware:-:*:*:*:*:*:*:*
medtronicdiabetes522_paradigm_real-time-cpe:2.3:h:medtronicdiabetes:522_paradigm_real-time:-:*:*:*:*:*:*:*
medtronicdiabetes722_paradigm_real-time_firmware-cpe:2.3:o:medtronicdiabetes:722_paradigm_real-time_firmware:-:*:*:*:*:*:*:*
medtronicdiabetes722_paradigm_real-time-cpe:2.3:h:medtronicdiabetes:722_paradigm_real-time:-:*:*:*:*:*:*:*
medtronicdiabetes523_paradigm_revel_firmware-cpe:2.3:o:medtronicdiabetes:523_paradigm_revel_firmware:-:*:*:*:*:*:*:*
medtronicdiabetes523_paradigm_revel-cpe:2.3:h:medtronicdiabetes:523_paradigm_revel:-:*:*:*:*:*:*:*
medtronicdiabetes723_paradigm_revel_firmware-cpe:2.3:o:medtronicdiabetes:723_paradigm_revel_firmware:-:*:*:*:*:*:*:*
medtronicdiabetes723_paradigm_revel-cpe:2.3:h:medtronicdiabetes:723_paradigm_revel:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
medtronicdiabetes	508_minimed_insulin_pump_firmware	-	cpe:2.3:o:medtronicdiabetes:508_minimed_insulin_pump_firmware:-:::::::*
medtronicdiabetes	508_minimed_insulin_pump	-	cpe:2.3:h:medtronicdiabetes:508_minimed_insulin_pump:-:::::::*
medtronicdiabetes	522_paradigm_real-time_firmware	-	cpe:2.3:o:medtronicdiabetes:522_paradigm_real-time_firmware:-:::::::*
medtronicdiabetes	522_paradigm_real-time	-	cpe:2.3:h:medtronicdiabetes:522_paradigm_real-time:-:::::::*
medtronicdiabetes	722_paradigm_real-time_firmware	-	cpe:2.3:o:medtronicdiabetes:722_paradigm_real-time_firmware:-:::::::*
medtronicdiabetes	722_paradigm_real-time	-	cpe:2.3:h:medtronicdiabetes:722_paradigm_real-time:-:::::::*
medtronicdiabetes	523_paradigm_revel_firmware	-	cpe:2.3:o:medtronicdiabetes:523_paradigm_revel_firmware:-:::::::*
medtronicdiabetes	523_paradigm_revel	-	cpe:2.3:h:medtronicdiabetes:523_paradigm_revel:-:::::::*
medtronicdiabetes	723_paradigm_revel_firmware	-	cpe:2.3:o:medtronicdiabetes:723_paradigm_revel_firmware:-:::::::*
medtronicdiabetes	723_paradigm_revel	-	cpe:2.3:h:medtronicdiabetes:723_paradigm_revel:-:::::::*

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "product": "Medtronic insulin pump",
    "vendor": "ICS-CERT",
    "versions": [
      {
        "status": "affected",
        "version": "MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105044

ics-cert.us-cert.gov/advisories/ICSMA-18-219-02

CVSS2

2.9

Attack Vector

ADJACENT_NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:A/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

30.5%

JSON

Related for CVE-2018-14781