Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2018-10634
PUBLISHED
More InfoOfficial Page
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
View Known Exploited Vulnerability (KEV) details
Published At-13 Aug, 2018 | 22:00
Updated At-22 May, 2025 | 16:28
Rejected At-
▼CVE Numbering Authority (CNA)
Medtronic MiniMed MMT-500/MMT-503 Remote Controllers Cleartext Transmission of Sensitive Information

Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.

Affected Products
Vendor
Medtronic
Product
MMT- 508 - MiniMed pump
Default Status
unaffected
Versions
Affected
  • All versions
Vendor
Medtronic
Product
MMT – 511 pump Paradigm
Default Status
unaffected
Versions
Affected
  • All versions
Vendor
Medtronic
Product
MMT – 512 / MMT – 712 Paradigm x12
Default Status
unaffected
Versions
Affected
  • All versions
Vendor
Medtronic
Product
MMT – 515 / MMT – 715 Paradigm x15
Default Status
unaffected
Versions
Affected
  • All versions
Vendor
Medtronic
Product
MMT – 522 / MMT – 722 Paradigm REAL-TIME
Default Status
unaffected
Versions
Affected
  • All versions
Vendor
Medtronic
Product
MMT – 522(K) / MMT – 722(K) Paradigm REAL-TIME
Default Status
unaffected
Versions
Affected
  • All versions
Vendor
Medtronic
Product
MMT – 523 / MMT – 723 Paradigm Revel
Default Status
unaffected
Versions
Affected
  • All versions
Vendor
Medtronic
Product
MMT – 523(K) / MMT – 723(K) Paradigm
Default Status
unaffected
Versions
Affected
  • All versions
Vendor
Medtronic
Product
MMT – 554 / MMT – 754 MiniMed Veo
Default Status
unaffected
Versions
Affected
  • All versions
Vendor
Medtronic
Product
MMT – 551 / MMT – 751 MiniMed 530G
Default Status
unaffected
Versions
Affected
  • All versions
Problem Types
TypeCWE IDDescription
CWECWE-319CWE-319 Cleartext Transmission of Sensitive Information
Type: CWE
CWE ID: CWE-319
Description: CWE-319 Cleartext Transmission of Sensitive Information
Metrics
VersionBase scoreBase severityVector
3.14.8MEDIUM
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

The remote option is turned off in the pump by default.   Medtronic is directing all users to stop using their remote controllers, disable the remote option on their insulin pump, and to return the remote controllers to Medtronic. Medtronic has released additional patient focused information https://www.medtronic.com/security . Additionally, Medtronic will be sending a letter to patients who may still be actively using the remotes in order to inform patients about these security risks, and request patients stop using the remote and return them to Medtronic.

Exploits
Credits
finder
Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities to CISA.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html
N/A
https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02
N/A
http://www.securityfocus.com/bid/105044
vdb-entry
Hyperlink: https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html
Resource: N/A
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/105044
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02
x_refsource_MISC
x_transferred
http://www.securityfocus.com/bid/105044
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/105044
Resource:
vdb-entry
x_refsource_BID
x_transferred
Details not found