PT-2018-1433 · Medtronic · Minimed Insulin Pump+3
Published: 2018-08-07 · Updated: 2019-10-09 · CVE-2018-14781
CVSS v2.0: 6.1 (Medium)
| Vector | AV:A/AC:L/Au:N/C:N/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Medtronic MMT 508 MiniMed insulin pump versions 508 through 751
Medtronic MMT 522 / MMT - 722 Paradigm REAL-TIME
Medtronic MMT 523 / MMT - 723 Paradigm Revel
Medtronic MMT 523K / MMT - 723K Paradigm Revel
Medtronic MMT 551 / MMT - 751 MiniMed 530G
Description
The issue is related to a capture-replay attack when the "easy bolus" and "remote bolus" options are enabled. An attacker can capture wireless transmissions between the remote controller and the pump and replay them to cause an insulin delivery. The vulnerability is also associated with weaknesses in the authentication mechanism, which can be exploited to bypass authentication procedures by executing a captured request.
Recommendations
For Medtronic MMT 508 MiniMed insulin pump, consider disabling the "easy bolus" and "remote bolus" options to minimize the risk of exploitation.
For Medtronic MMT 522 / MMT - 722 Paradigm REAL-TIME, restrict access to the remote controller to prevent unauthorized capture and replay of wireless transmissions.
For Medtronic MMT 523 / MMT - 723 Paradigm Revel, avoid using the remote controller until a fix is available.
For Medtronic MMT 523K / MMT - 723K Paradigm Revel, disable the remote bolus feature as a temporary workaround.
For Medtronic MMT 551 / MMT - 751 MiniMed 530G, consider implementing additional security measures to prevent capture-replay attacks.
Fix
Improper Authentication
Related identifiers
Affected products
Minimed 530G
Minimed Insulin Pump
Paradigm Real-Time
Paradigm Revel