CVE-2018-14781

Medtronic MiniMed MMT devices, when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.
Configurations

Configuration 1

AND
cpe:2.3:o:medtronicdiabetes:508_minimed_insulin_pump_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:508_minimed_insulin_pump:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:medtronicdiabetes:522_paradigm_real-time_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:522_paradigm_real-time:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:medtronicdiabetes:722_paradigm_real-time_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:722_paradigm_real-time:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:medtronicdiabetes:523_paradigm_revel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:523_paradigm_revel:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:medtronicdiabetes:723_paradigm_revel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:723_paradigm_revel:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:medtronicdiabetes:523k_paradigm_revel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:523k_paradigm_revel:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:medtronicdiabetes:723k_paradigm_revel_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:723k_paradigm_revel:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:medtronicdiabetes:551_minimed_530g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:551_minimed_530g:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:medtronicdiabetes:751_minimed_530g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:medtronicdiabetes:751_minimed_530g:-:*:*:*:*:*:*:*

History

22 May 2025, 17:15

Type Values Removed Values Added
References
  • https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html
Summary
  Values Removed: (en) Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the "easy bolus" and "remote bolus" options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.
  Values Added: (en) Medtronic MiniMed MMT devices when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.

21 Nov 2024, 03:49

Type Values Removed Values Added
References
  Values Removed: http://www.securityfocus.com/bid/105044 - Third Party Advisory, VDB Entry
  Values Added: http://www.securityfocus.com/bid/105044 - Third Party Advisory, VDB Entry
References
  Values Removed: https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02 - Third Party Advisory, US Government Resource
  Values Added: https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02 - Third Party Advisory, US Government Resource

Information

Published : 2018-08-13 21:48

Updated : 2025-05-22 17:15


NVD link : CVE-2018-14781

Mitre link : CVE-2018-14781

CVE.ORG link : CVE-2018-14781



Products Affected

medtronicdiabetes

  • 551_minimed_530g_firmware
  • 723_paradigm_revel_firmware
  • 751_minimed_530g
  • 722_paradigm_real-time_firmware
  • 551_minimed_530g
  • 508_minimed_insulin_pump_firmware
  • 522_paradigm_real-time
  • 523_paradigm_revel
  • 523k_paradigm_revel_firmware
  • 522_paradigm_real-time_firmware
  • 722_paradigm_real-time
  • 523k_paradigm_revel
  • 508_minimed_insulin_pump
  • 751_minimed_530g_firmware
  • 723k_paradigm_revel
  • 523_paradigm_revel_firmware
  • 723_paradigm_revel
  • 723k_paradigm_revel_firmware

CWE

CWE-294: Authentication Bypass by Capture-replay

CWE-287: Improper Authentication