\n\nCommunications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.\n\n
"}],"value":"Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":4.8,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-319","description":"CWE-319 Cleartext Transmission of Sensitive Information","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2025-05-22T16:28:03.155Z"},"references":[{"url":"https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html"},{"name":"105044","url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"},{"tags":["vdb-entry"],"url":"http://www.securityfocus.com/bid/105044"}],"source":{"advisory":"ICSMA-18-219-02","discovery":"EXTERNAL"},"title":"Medtronic MiniMed MMT-500/MMT-503 Remote Controllers Cleartext Transmission of Sensitive Information","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The remote option is turned off in the pump by default.
Medtronic is directing all users to stop using their remote controllers, disable the remote option on their insulin pump, and to return the remote controllers to Medtronic.
Medtronic has released additional patient focused information.
Additionally, Medtronic will be sending a letter to patients who may still be actively using the remotes in order to inform patients about these security risks, and request patients stop using the remote and return them to Medtronic.
"}],"value":"The remote option is turned off in the pump by default. \n\nMedtronic is directing all users to stop using their remote controllers, disable the remote option on their insulin pump, and to return the remote controllers to Medtronic. \n\nMedtronic has released additional patient focused information https://www.medtronic.com/security .\n\nAdditionally, Medtronic will be sending a letter to patients who may still be actively using the remotes in order to inform patients about these security risks, and request patients stop using the remote and return them to Medtronic."}],"x_generator":{"engine":"Vulnogram 0.2.0"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","DATE_PUBLIC":"2018-08-08T00:00:00","ID":"CVE-2018-10634","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Medtronic insulin pump","version":{"version_data":[{"version_value":"MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G"}]}}]},"vendor_name":"ICS-CERT"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G communications between the pump and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"}]}]},"references":{"reference_data":[{"name":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"},{"name":"105044","refsource":"BID","url":"http://www.securityfocus.com/bid/105044"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-05T07:46:46.358Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02"},{"name":"105044","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/105044"}]}]},"cveMetadata":{"assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","assignerShortName":"icscert","cveId":"CVE-2018-10634","datePublished":"2018-08-13T22:00:00.000Z","dateReserved":"2018-05-01T00:00:00.000Z","dateUpdated":"2025-05-22T16:28:03.155Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}