CVSS2

Metric | Value |
---|---|
Attack Vector | ADJACENT_NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:A/AC:M/Au:N/C:N/I:P/A:N

CVSS3

Metric | Value |
---|---|
Attack Vector | ADJACENT |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |

CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

Percentile: 30.5%

Medtronic MMT 508 MiniMed insulin pump, 522 / MMT - 722 Paradigm REAL-TIME, 523 / MMT - 723 Paradigm Revel, 523K / MMT - 723K Paradigm Revel, and 551 / MMT - 751 MiniMed 530G. The models identified above, when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.
Vendor | Product | Version | CPE |
---|---|---|---|
medtronicdiabetes | 508_minimed_insulin_pump_firmware | - | cpe:2.3:o:medtronicdiabetes:508_minimed_insulin_pump_firmware:-:*:*:*:*:*:*:* |
medtronicdiabetes | 508_minimed_insulin_pump | - | cpe:2.3:h:medtronicdiabetes:508_minimed_insulin_pump:-:*:*:*:*:*:*:* |
medtronicdiabetes | 522_paradigm_real-time_firmware | - | cpe:2.3:o:medtronicdiabetes:522_paradigm_real-time_firmware:-:*:*:*:*:*:*:* |
medtronicdiabetes | 522_paradigm_real-time | - | cpe:2.3:h:medtronicdiabetes:522_paradigm_real-time:-:*:*:*:*:*:*:* |
medtronicdiabetes | 722_paradigm_real-time_firmware | - | cpe:2.3:o:medtronicdiabetes:722_paradigm_real-time_firmware:-:*:*:*:*:*:*:* |
medtronicdiabetes | 722_paradigm_real-time | - | cpe:2.3:h:medtronicdiabetes:722_paradigm_real-time:-:*:*:*:*:*:*:* |
medtronicdiabetes | 523_paradigm_revel_firmware | - | cpe:2.3:o:medtronicdiabetes:523_paradigm_revel_firmware:-:*:*:*:*:*:*:* |
medtronicdiabetes | 523_paradigm_revel | - | cpe:2.3:h:medtronicdiabetes:523_paradigm_revel:-:*:*:*:*:*:*:* |
medtronicdiabetes | 723_paradigm_revel_firmware | - | cpe:2.3:o:medtronicdiabetes:723_paradigm_revel_firmware:-:*:*:*:*:*:*:* |
medtronicdiabetes | 723_paradigm_revel | - | cpe:2.3:h:medtronicdiabetes:723_paradigm_revel:-:*:*:*:*:*:*:* |