CVE-2018-10634 - Vulnerability Details

Vendors	Products
Medtronic	Minimed 530g Mmt-551 Minimed 530g Mmt-551 Firmware Minimed 530g Mmt-751 Minimed 530g Mmt-751 Firmware Minimed Paradigm 508 Insulin Pump Minimed Paradigm 508 Insulin Pump Firmware Minimed Paradigm Real-time Mmt-522 Minimed Paradigm Real-time Mmt-522 Firmware Minimed Paradigm Real-time Mmt-722 Minimed Paradigm Real-time Mmt-722 Firmware Minimed Paradigm Revel Mmt-523 Minimed Paradigm Revel Mmt-523 Firmware Minimed Paradigm Revel Mmt-523k Minimed Paradigm Revel Mmt-523k Firmware Minimed Paradigm Revel Mmt-723 Minimed Paradigm Revel Mmt-723 Firmware Minimed Paradigm Revel Mmt-723k Minimed Paradigm Revel Mmt-723k Firmware

Link	Providers
http://www.securityfocus.com/bid/105044
https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html
https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02

Type	Values Removed	Values Added
Description	Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.	Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.
Title		Medtronic MiniMed MMT-500/MMT-503 Remote Controllers Cleartext Transmission of Sensitive Information
References		https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html
Metrics		cvssV3_1 `{'score': 4.8, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}`

Show plain JSON

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "MMT- 508 - MiniMed pump", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 511 pump Paradigm", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 512 / MMT \u2013 712 Paradigm x12", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 515 / MMT \u2013 715 Paradigm x15", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 522 / MMT \u2013 722 Paradigm REAL-TIME", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 522(K) / MMT \u2013 722(K) Paradigm REAL-TIME", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 523 / MMT \u2013 723 Paradigm Revel", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 523(K) / MMT \u2013 723(K) Paradigm", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 554 / MMT \u2013 754 MiniMed Veo", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}, {"defaultStatus": "unaffected", "product": "MMT \u2013 551 / MMT \u2013 751 MiniMed 530G", "vendor": "Medtronic", "versions": [{"status": "affected", "version": "All versions"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities to CISA."}], "datePublic": "2018-08-08T06:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>\n\n<span style=\"background-color: rgb(255, 255, 255);\">Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.</span>\n\n</p>"}], "value": "Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-05-22T16:28:03.155Z"}, "references": [{"url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html"}, {"name": "105044", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"}, {"tags": ["vdb-entry"], "url": "http://www.securityfocus.com/bid/105044"}], "source": {"advisory": "ICSMA-18-219-02", "discovery": "EXTERNAL"}, "title": "Medtronic MiniMed MMT-500/MMT-503 Remote Controllers Cleartext Transmission of Sensitive Information", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The remote option is turned off in the pump by default. &nbsp;</p><p>Medtronic is directing all users to stop using their remote controllers, disable the remote option on their insulin pump, and to return the remote controllers to Medtronic. </p><p>Medtronic has released <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.medtronic.com/security\">additional patient focused information</a>.</p><p>Additionally, Medtronic will be sending a letter to patients who may still be actively using the remotes in order to inform patients about these security risks, and request patients stop using the remote and return them to Medtronic. </p>"}], "value": "The remote option is turned off in the pump by default. \u00a0\n\nMedtronic is directing all users to stop using their remote controllers, disable the remote option on their insulin pump, and to return the remote controllers to Medtronic. \n\nMedtronic has released  additional patient focused information https://www.medtronic.com/security .\n\nAdditionally, Medtronic will be sending a letter to patients who may still be actively using the remotes in order to inform patients about these security risks, and request patients stop using the remote and return them to Medtronic."}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-08-08T00:00:00", "ID": "CVE-2018-10634", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Medtronic insulin pump", "version": {"version_data": [{"version_value": "MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G"}]}}]}, "vendor_name": "ICS-CERT"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"}, {"name": "105044", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105044"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:46:46.358Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"}, {"name": "105044", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/105044"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-10634", "datePublished": "2018-08-13T22:00:00Z", "dateReserved": "2018-05-01T00:00:00", "dateUpdated": "2025-05-22T16:28:03.155Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unaffected (string)

product : MMT- 508 - MiniMed pump (string)

vendor : Medtronic (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions (string)

}

]

}

1 : { »

defaultStatus : unaffected (string)

product : MMT – 511 pump Paradigm (string)

vendor : Medtronic (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions (string)

}

]

}

2 : { »

defaultStatus : unaffected (string)

product : MMT – 512 / MMT – 712 Paradigm x12 (string)

vendor : Medtronic (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions (string)

}

]

}

3 : { »

defaultStatus : unaffected (string)

product : MMT – 515 / MMT – 715 Paradigm x15 (string)

vendor : Medtronic (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions (string)

}

]

}

4 : { »

defaultStatus : unaffected (string)

product : MMT – 522 / MMT – 722 Paradigm REAL-TIME (string)

vendor : Medtronic (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions (string)

}

]

}

5 : { »

defaultStatus : unaffected (string)

product : MMT – 522(K) / MMT – 722(K) Paradigm REAL-TIME (string)

vendor : Medtronic (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions (string)

}

]

}

6 : { »

defaultStatus : unaffected (string)

product : MMT – 523 / MMT – 723 Paradigm Revel (string)

vendor : Medtronic (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions (string)

}

]

}

7 : { »

defaultStatus : unaffected (string)

product : MMT – 523(K) / MMT – 723(K) Paradigm (string)

vendor : Medtronic (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions (string)

}

]

}

8 : { »

defaultStatus : unaffected (string)

product : MMT – 554 / MMT – 754 MiniMed Veo (string)

vendor : Medtronic (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions (string)

}

]

}

9 : { »

defaultStatus : unaffected (string)

product : MMT – 551 / MMT – 751 MiniMed 530G (string)

vendor : Medtronic (string)

versions : [ »

0 : { »

status : affected (string)

version : All versions (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

type : finder (string)

value : Billy Rios, Jesse Young, and Jonathan Butts of Whitescope LLC reported these vulnerabilities to CISA. (string)

}

]

datePublic : 2018-08-08T06:00:00.000Z (string)

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers. (string)

}

]

value : Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : HIGH (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.8 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

format : CVSS (string)

scenarios : [ »

0 : { »

lang : en (string)

value : GENERAL (string)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-319 (string)

description : CWE-319 Cleartext Transmission of Sensitive Information (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

shortName : icscert (string)

dateUpdated : 2025-05-22T16:28:03.155Z (string)

}

references : [ »

0 : { »

url : https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html (string)

}

1 : { »

name : 105044 (string)

url : https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02 (string)

}

2 : { »

tags : [ »

0 : vdb-entry (string)

]

url : http://www.securityfocus.com/bid/105044 (string)

}

]

source : { »

advisory : ICSMA-18-219-02 (string)

discovery : EXTERNAL (string)

}

title : Medtronic MiniMed MMT-500/MMT-503 Remote Controllers Cleartext Transmission of Sensitive Information (string)

workarounds : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : The remote option is turned off in the pump by default.  Medtronic is directing all users to stop using their remote controllers, disable the remote option on their insulin pump, and to return the remote controllers to Medtronic. Medtronic has released <a target="_blank" rel="nofollow" href="https://www.medtronic.com/security">additional patient focused information</a>.Additionally, Medtronic will be sending a letter to patients who may still be actively using the remotes in order to inform patients about these security risks, and request patients stop using the remote and return them to Medtronic. (string)

}

]

value : The remote option is turned off in the pump by default. Medtronic is directing all users to stop using their remote controllers, disable the remote option on their insulin pump, and to return the remote controllers to Medtronic. Medtronic has released additional patient focused information https://www.medtronic.com/security . Additionally, Medtronic will be sending a letter to patients who may still be actively using the remotes in order to inform patients about these security risks, and request patients stop using the remote and return them to Medtronic. (string)

}

]

x_generator : { »

engine : Vulnogram 0.2.0 (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : ics-cert@hq.dhs.gov (string)

DATE_PUBLIC : 2018-08-08T00:00:00 (string)

ID : CVE-2018-10634 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Medtronic insulin pump (string)

version : { »

version_data : [ »

0 : { »

version_value : MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G (string)

}

]

}

]

}

vendor_name : ICS-CERT (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319 (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02 (string)

refsource : MISC (string)

url : https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02 (string)

}

1 : { »

name : 105044 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/105044 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T07:46:46.358Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02 (string)

}

1 : { »

name : 105044 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/105044 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 7d14cffa-0d7d-4270-9dc0-52cabd5a23a6 (string)

assignerShortName : icscert (string)

cveId : CVE-2018-10634 (string)

datePublished : 2018-08-13T22:00:00Z (string)

dateReserved : 2018-05-01T00:00:00 (string)

dateUpdated : 2025-05-22T16:28:03.155Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-523k_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B4F654-D6B5-4A10-983B-F80EA8F9D99A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-523k:-:*:*:*:*:*:*:*", "matchCriteriaId": "2404EE2B-F712-4232-A382-20399B78A9A9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-723k_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "E8587878-D7E8-42B8-A8C0-236243E37458", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-723k:-:*:*:*:*:*:*:*", "matchCriteriaId": "555610AE-696A-4673-9B95-0D095E453911", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-723_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "DA9287D2-C190-456C-8CEA-BCF2A02AD487", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-723:-:*:*:*:*:*:*:*", "matchCriteriaId": "19BD65EB-7A85-45B8-BB93-11E417F4181C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_530g_mmt-551_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEA918D3-42B6-484B-B643-E7AE49153F53", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_530g_mmt-551:-:*:*:*:*:*:*:*", "matchCriteriaId": "249E8C9C-AB48-4A8D-A2AC-F7EE6917DDF9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_paradigm_real-time_mmt-522_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "75E6FAB6-E13B-4294-8BED-5F976B3E6ABE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_paradigm_real-time_mmt-522:-:*:*:*:*:*:*:*", "matchCriteriaId": "C3C573F8-6C1E-409A-9DF5-CEA6EC2796ED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_paradigm_real-time_mmt-722_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FEA193F7-05B7-41A6-866E-136AB56314D6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_paradigm_real-time_mmt-722:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB40167D-EDF2-403B-8C72-C71DA21EE450", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_530g_mmt-751_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BC43E0A3-7036-480A-BAE7-D6396FA13ECF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_530g_mmt-751:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDE3998E-D031-46D8-BC10-D9001D6F704C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-523_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "769B8111-BCCB-456F-8795-757CBE6CFEB6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-523:-:*:*:*:*:*:*:*", "matchCriteriaId": "299B0182-88F8-4025-97AB-BCB1EB1BACE3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:medtronic:minimed_paradigm_508_insulin_pump_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A8CF5E75-66A5-4561-B0C5-D702311C5D4F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:medtronic:minimed_paradigm_508_insulin_pump:-:*:*:*:*:*:*:*", "matchCriteriaId": "11487034-50C2-45AE-AF55-28DFCA1F51B5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers."}, {"lang": "es", "value": "En la v\u00e1lvula de insulina de Medtronic MMT 508 MiniMed, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel y 551 / MMT - 751 MiniMed 530G, las comunicaciones entre la v\u00e1lvula y los accesorios inal\u00e1mbricos se transmiten en texto claro. Un atacante suficientemente h\u00e1bil podr\u00eda capturar estas transmisiones y extraer informaci\u00f3n sensible, como los n\u00fameros de serie de los dispositivos."}], "id": "CVE-2018-10634", "lastModified": "2025-05-22T17:15:21.460", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 5.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2018-08-13T21:47:59.040", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105044"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105044"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-319"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-523k_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : C0B4F654-D6B5-4A10-983B-F80EA8F9D99A (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-523k:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 2404EE2B-F712-4232-A382-20399B78A9A9 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-723k_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : E8587878-D7E8-42B8-A8C0-236243E37458 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-723k:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 555610AE-696A-4673-9B95-0D095E453911 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-723_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : DA9287D2-C190-456C-8CEA-BCF2A02AD487 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-723:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 19BD65EB-7A85-45B8-BB93-11E417F4181C (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:medtronic:minimed_530g_mmt-551_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : AEA918D3-42B6-484B-B643-E7AE49153F53 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:medtronic:minimed_530g_mmt-551:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 249E8C9C-AB48-4A8D-A2AC-F7EE6917DDF9 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:medtronic:minimed_paradigm_real-time_mmt-522_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 75E6FAB6-E13B-4294-8BED-5F976B3E6ABE (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:medtronic:minimed_paradigm_real-time_mmt-522:-:*:*:*:*:*:*:* (string)

matchCriteriaId : C3C573F8-6C1E-409A-9DF5-CEA6EC2796ED (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:medtronic:minimed_paradigm_real-time_mmt-722_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : FEA193F7-05B7-41A6-866E-136AB56314D6 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:medtronic:minimed_paradigm_real-time_mmt-722:-:*:*:*:*:*:*:* (string)

matchCriteriaId : EB40167D-EDF2-403B-8C72-C71DA21EE450 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

6 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:medtronic:minimed_530g_mmt-751_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : BC43E0A3-7036-480A-BAE7-D6396FA13ECF (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:medtronic:minimed_530g_mmt-751:-:*:*:*:*:*:*:* (string)

matchCriteriaId : CDE3998E-D031-46D8-BC10-D9001D6F704C (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

7 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-523_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 769B8111-BCCB-456F-8795-757CBE6CFEB6 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-523:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 299B0182-88F8-4025-97AB-BCB1EB1BACE3 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

8 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:medtronic:minimed_paradigm_508_insulin_pump_firmware:-:*:*:*:*:*:*:* (string)

matchCriteriaId : A8CF5E75-66A5-4561-B0C5-D702311C5D4F (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

1 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:h:medtronic:minimed_paradigm_508_insulin_pump:-:*:*:*:*:*:*:* (string)

matchCriteriaId : 11487034-50C2-45AE-AF55-28DFCA1F51B5 (string)

vulnerable : false (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

operator : AND (string)

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers. (string)

}

1 : { »

lang : es (string)

value : En la válvula de insulina de Medtronic MMT 508 MiniMed, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel y 551 / MMT - 751 MiniMed 530G, las comunicaciones entre la válvula y los accesorios inalámbricos se transmiten en texto claro. Un atacante suficientemente hábil podría capturar estas transmisiones y extraer información sensible, como los números de serie de los dispositivos. (string)

}

]

id : CVE-2018-10634 (string)

lastModified : 2025-05-22T17:15:21.460 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : ADJACENT_NETWORK (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 2.9 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:A/AC:M/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 5.5 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.3 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.0 (string)

}

exploitabilityScore : 1.6 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : ADJACENT_NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 4.8 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.2 (number)

impactScore : 3.6 (number)

source : ics-cert@hq.dhs.gov (string)

type : Secondary (string)

}

]

}

published : 2018-08-13T21:47:59.040 (string)

references : [ »

0 : { »

source : ics-cert@hq.dhs.gov (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/105044 (string)

}

1 : { »

source : ics-cert@hq.dhs.gov (string)

url : https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html (string)

}

2 : { »

source : ics-cert@hq.dhs.gov (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/105044 (string)

}

4 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : US Government Resource (string)

]

url : https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02 (string)

}

]

sourceIdentifier : ics-cert@hq.dhs.gov (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-319 (string)

}

]

source : ics-cert@hq.dhs.gov (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-319 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object