Medtronic MiniMed MMT devices, when paired with a remote controller and with the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.
CVSS 2.0
Severity: LOW
Problem Type: CWE-294, CWE-287
Products Affected
| Vendor | Product | Version |
|---|---|---|
| medtronicdiabetes | 523k_paradigm_revel_firmware | - |
| medtronicdiabetes | 723_paradigm_revel_firmware | - |
| medtronicdiabetes | 523_paradigm_revel_firmware | - |
| medtronicdiabetes | 722_paradigm_real-time_firmware | - |
| medtronicdiabetes | 723k_paradigm_revel_firmware | - |
| medtronicdiabetes | 508_minimed_insulin_pump_firmware | - |
| medtronicdiabetes | 751_minimed_530g_firmware | - |
| medtronicdiabetes | 522_paradigm_real-time_firmware | - |
| medtronicdiabetes | 551_minimed_530g_firmware | - |