MidnightBSD

Advisories for medtronicdiabetes

CVE-2018-14781 LOW

Medtronic MiniMed MMT devices when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.

CVSS 2.0

Severity: LOW

Problem Type: CWE-294,CWE-287,

Products Affected

Vendor Product Version
medtronicdiabetes 523k_paradigm_revel_firmware -
medtronicdiabetes 723_paradigm_revel_firmware -
medtronicdiabetes 523_paradigm_revel_firmware -
medtronicdiabetes 722_paradigm_real-time_firmware -
medtronicdiabetes 723k_paradigm_revel_firmware -
medtronicdiabetes 508_minimed_insulin_pump_firmware -
medtronicdiabetes 751_minimed_530g_firmware -
medtronicdiabetes 522_paradigm_real-time_firmware -
medtronicdiabetes 551_minimed_530g_firmware -