FKIE_CVE-2018-14781
Vulnerability from fkie_nvd - Published: 2018-08-13 21:48 - Updated: 2025-05-22 17:15
Severity ?
Summary
Medtronic MiniMed MMT
devices when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/105044 | Third Party Advisory, VDB Entry | |
| ics-cert@hq.dhs.gov | https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html | ||
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105044 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02 | Third Party Advisory, US Government Resource |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:medtronicdiabetes:508_minimed_insulin_pump_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF9C0D70-7924-414E-98EF-245E52ED8838",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:medtronicdiabetes:508_minimed_insulin_pump:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF20B7E1-C7E3-45E6-A981-6A02807A2411",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:medtronicdiabetes:522_paradigm_real-time_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A8E9BE8-E17F-490D-BCE7-92D43BE14574",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:medtronicdiabetes:522_paradigm_real-time:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD29F70-6322-4891-8036-6BDE7F98B08A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:medtronicdiabetes:722_paradigm_real-time_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95CAA730-1862-4D91-B962-28A2D8EB07F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:medtronicdiabetes:722_paradigm_real-time:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB82801B-A8AA-47C9-BC9E-A4FCCC4BF10C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:medtronicdiabetes:523_paradigm_revel_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2C8DF53F-B5DB-4690-87E8-8CECF77783EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:medtronicdiabetes:523_paradigm_revel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95A2BE4F-FE1B-496C-8237-73F8BF0639E6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:medtronicdiabetes:723_paradigm_revel_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F8021A-E8CD-4B6A-979D-5E3F18EB6B4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:medtronicdiabetes:723_paradigm_revel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB2EF040-CE07-4430-8707-689666B7AE61",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:medtronicdiabetes:523k_paradigm_revel_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "175AE115-73FA-4A1E-B8D6-185522D8AAEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:medtronicdiabetes:523k_paradigm_revel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "425712F3-B98B-4D0E-97B9-E94D5216A43F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:medtronicdiabetes:723k_paradigm_revel_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "83888F47-99B8-4D7F-9049-6B9168BBFA70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:medtronicdiabetes:723k_paradigm_revel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04627C77-7F76-4883-8C6D-77579F4AF28E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:medtronicdiabetes:551_minimed_530g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86BAFB4D-49CF-4855-8A84-D41BD80A16D4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:medtronicdiabetes:551_minimed_530g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE48E5F-E955-4351-BC2E-E6EF0EB40AAB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:medtronicdiabetes:751_minimed_530g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AE64752-1F20-4F8B-9048-4B004A3B3CB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:medtronicdiabetes:751_minimed_530g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B63924E6-F2F3-47A9-BCDC-5EC4B665DC9D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Medtronic MiniMed MMT \n\ndevices when paired with a remote controller and having the \u201ceasy bolus\u201d and \u201cremote bolus\u201d options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery."
},
{
"lang": "es",
"value": "En la v\u00e1lvula de insulina de Medtronic MMT 508 MiniMed, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel y 551 / MMT - 751 MiniMed 530G, estos modelos, cuando se emparejan con un controlador remoto y tienen las opciones \"easy bolus\" y \"remote bolus\" habilitadas (no por defecto), son vulnerables a un ataque de captura y reproducci\u00f3n. Un atacante puede capturar las transmisiones inal\u00e1mbricas entre el controlador remoto y la v\u00e1lvula y reproducirlas para provocar una inyecci\u00f3n de insulina (bolus)."
}
],
"id": "CVE-2018-14781",
"lastModified": "2025-05-22T17:15:22.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
}
]
},
"published": "2018-08-13T21:48:01.227",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105044"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-294"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…