Vulnerability Description
Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Medtronic | Minimed Paradigm Revel Mmt-523K Firmware | - |
| Medtronic | Minimed Paradigm Revel Mmt-523K | - |
| Medtronic | Minimed Paradigm Revel Mmt-723K Firmware | - |
| Medtronic | Minimed Paradigm Revel Mmt-723K | - |
| Medtronic | Minimed Paradigm Revel Mmt-723 Firmware | - |
| Medtronic | Minimed Paradigm Revel Mmt-723 | - |
| Medtronic | Minimed 530G Mmt-551 Firmware | - |
| Medtronic | Minimed 530G Mmt-551 | - |
| Medtronic | Minimed Paradigm Real-Time Mmt-522 Firmware | - |
| Medtronic | Minimed Paradigm Real-Time Mmt-522 | - |
| Medtronic | Minimed Paradigm Real-Time Mmt-722 Firmware | - |
| Medtronic | Minimed Paradigm Real-Time Mmt-722 | - |
| Medtronic | Minimed 530G Mmt-751 Firmware | - |
| Medtronic | Minimed 530G Mmt-751 | - |
| Medtronic | Minimed Paradigm Revel Mmt-523 Firmware | - |
| Medtronic | Minimed Paradigm Revel Mmt-523 | - |
| Medtronic | Minimed Paradigm 508 Insulin Pump Firmware | - |
| Medtronic | Minimed Paradigm 508 Insulin Pump | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/105044Third Party AdvisoryVDB Entry
- https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.h
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/105044Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-10634?
CVE-2018-10634 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive inform...
How severe is CVE-2018-10634?
CVE-2018-10634 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-10634?
Check the references section above for vendor advisories and patch information. Affected products include: Medtronic Minimed Paradigm Revel Mmt-523K Firmware, Medtronic Minimed Paradigm Revel Mmt-523K, Medtronic Minimed Paradigm Revel Mmt-723K Firmware, Medtronic Minimed Paradigm Revel Mmt-723K, Medtronic Minimed Paradigm Revel Mmt-723 Firmware.