CVE-2018-14781

Summary

Medtronic MiniMed MMT

devices when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.

Affected Software

VendorProductVersion RangeStatus
MedtronicMMT- 508 - MiniMed pumpAll versionsaffected
MedtronicMMT – 511 pump ParadigmAll versionsaffected
MedtronicMMT – 512 / MMT – 712 Paradigm x12All versionsaffected
MedtronicMMT – 515 / MMT – 715 Paradigm x15All versionsaffected
MedtronicMMT – 522 / MMT – 722 Paradigm REAL-TIMEAll versionsaffected
MedtronicMMT – 522(K) / MMT – 722(K) Paradigm REAL-TIMEAll versionsaffected
MedtronicMMT – 523 / MMT – 723 Paradigm RevelAll versionsaffected
MedtronicMMT – 523(K) / MMT – 723(K) ParadigmAll versionsaffected
MedtronicMMT – 554 / MMT – 754 MiniMed VeoAll versionsaffected
MedtronicMMT – 551 / MMT – 751 MiniMed 530GAll versionsaffected

Weaknesses

  • CWE-294: CWE-294 Authentication Bypass by Capture-replay

Workarounds

The remote option is turned off in the pump by default.  

Medtronic is directing all users to stop using their remote controllers, disable the remote option on their insulin pump, and to return the remote controllers to Medtronic.

Medtronic has released additional patient focused information https://www.medtronic.com/security .

Additionally, Medtronic will be sending a letter to patients who may still be actively using the remotes in order to inform patients about these security risks, and request patients stop using the remote and return them to Medtronic.

ADP Enrichment

CVE Program Container

Additional References

References