CVE-2018-14781
13.08.2018, 21:48
Medtronic MiniMed MMT devices, when paired with a remote controller and having the easy bolus and remote bolus options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.
Vendor | Product | Version |
---|---|---|
medtronicdiabetes | 508_minimed_insulin_pump_firmware | - |
medtronicdiabetes | 522_paradigm_real-time_firmware | - |
medtronicdiabetes | 722_paradigm_real-time_firmware | - |
medtronicdiabetes | 523_paradigm_revel_firmware | - |
medtronicdiabetes | 723_paradigm_revel_firmware | - |
medtronicdiabetes | 523k_paradigm_revel_firmware | - |
medtronicdiabetes | 723k_paradigm_revel_firmware | - |
medtronicdiabetes | 551_minimed_530g_firmware | - |
medtronicdiabetes | 751_minimed_530g_firmware | - |
Common Weakness Enumeration
- CWE-294 - Authentication Bypass by Capture-replay: A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes).
- CWE-287 - Improper Authentication: When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.