CVE-2018-14781

Published Aug 13, 2018

Last updated 5 years ago

CVSS medium 5.3

Overview

Description: Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G The models identified above, when paired with a remote controller and having the "easy bolus" and "remote bolus" options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 5.3
Impact score: 3.6
Exploitability score: 1.6
Vector string: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 2.9
Impact score: 2.9
Exploitability score: 5.5
Vector string: AV:A/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-287
ics-cert@hq.dhs.gov: CWE-294

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronicdiabetes:508_minimed_insulin_pump_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF9C0D70-7924-414E-98EF-245E52ED8838"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronicdiabetes:508_minimed_insulin_pump:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FF20B7E1-C7E3-45E6-A981-6A02807A2411"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronicdiabetes:522_paradigm_real-time_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A8E9BE8-E17F-490D-BCE7-92D43BE14574"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronicdiabetes:522_paradigm_real-time:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CCD29F70-6322-4891-8036-6BDE7F98B08A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronicdiabetes:722_paradigm_real-time_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95CAA730-1862-4D91-B962-28A2D8EB07F2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronicdiabetes:722_paradigm_real-time:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AB82801B-A8AA-47C9-BC9E-A4FCCC4BF10C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronicdiabetes:523_paradigm_revel_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2C8DF53F-B5DB-4690-87E8-8CECF77783EE"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronicdiabetes:523_paradigm_revel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "95A2BE4F-FE1B-496C-8237-73F8BF0639E6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronicdiabetes:723_paradigm_revel_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1F8021A-E8CD-4B6A-979D-5E3F18EB6B4A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronicdiabetes:723_paradigm_revel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "AB2EF040-CE07-4430-8707-689666B7AE61"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronicdiabetes:523k_paradigm_revel_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "175AE115-73FA-4A1E-B8D6-185522D8AAEC"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronicdiabetes:523k_paradigm_revel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "425712F3-B98B-4D0E-97B9-E94D5216A43F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronicdiabetes:723k_paradigm_revel_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83888F47-99B8-4D7F-9049-6B9168BBFA70"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronicdiabetes:723k_paradigm_revel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "04627C77-7F76-4883-8C6D-77579F4AF28E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronicdiabetes:551_minimed_530g_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86BAFB4D-49CF-4855-8A84-D41BD80A16D4"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronicdiabetes:551_minimed_530g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2AE48E5F-E955-4351-BC2E-E6EF0EB40AAB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:medtronicdiabetes:751_minimed_530g_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8AE64752-1F20-4F8B-9048-4B004A3B3CB2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:medtronicdiabetes:751_minimed_530g:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B63924E6-F2F3-47A9-BCDC-5EC4B665DC9D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References