CVE-2018-10634 - Vulnerability Details

CVE-2018-10634 - Medtronic MiniMed MMT-500/MMT-503 Remote Controllers Cleartext Transmission of Sensitive Information

Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Medtronic	Minimed 530g Mmt-551 Minimed 530g Mmt-551 Firmware Minimed 530g Mmt-751 Minimed 530g Mmt-751 Firmware Minimed Paradigm 508 Insulin Pump Minimed Paradigm 508 Insulin Pump Firmware Minimed Paradigm Real-time Mmt-522 Minimed Paradigm Real-time Mmt-522 Firmware Minimed Paradigm Real-time Mmt-722 Minimed Paradigm Real-time Mmt-722 Firmware Minimed Paradigm Revel Mmt-523 Minimed Paradigm Revel Mmt-523 Firmware Minimed Paradigm Revel Mmt-523k Minimed Paradigm Revel Mmt-523k Firmware Minimed Paradigm Revel Mmt-723 Minimed Paradigm Revel Mmt-723 Firmware Minimed Paradigm Revel Mmt-723k Minimed Paradigm Revel Mmt-723k Firmware

Configuration 1 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-523k_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-523k:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-723k_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-723k:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-723_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-723:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:medtronic:minimed_530g_mmt-551_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_530g_mmt-551:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_real-time_mmt-522_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_real-time_mmt-522:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_real-time_mmt-722_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_real-time_mmt-722:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:medtronic:minimed_530g_mmt-751_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_530g_mmt-751:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_revel_mmt-523_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_revel_mmt-523:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:medtronic:minimed_paradigm_508_insulin_pump_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:medtronic:minimed_paradigm_508_insulin_pump:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105044
https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html
https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02

History

Thu, 22 May 2025 16:45:00 +0000

Type	Values Removed	Values Added
Description	Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.	Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.
Title		Medtronic MiniMed MMT-500/MMT-503 Remote Controllers Cleartext Transmission of Sensitive Information
References		https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html
Metrics		cvssV3_1 `{'score': 4.8, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2018-08-13T22:00:00Z

Updated: 2025-05-22T16:28:03.155Z

Reserved: 2018-05-01T00:00:00

Link: CVE-2018-10634

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-08-13T21:47:59.040

Modified: 2025-05-22T17:15:21.460

Link: CVE-2018-10634

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object