PT-2018-1434 · Medtronic · Paradigm Revel+2

Billy Rios +2 · Published 2018-08-08 · Updated 2019-10-09 · CVE-2018-10634

CVSS v2.0: 6.1 (Medium)
Vector: AV:A/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Medtronic MMT 508 MiniMed insulin pump versions 508 through 751
Medtronic MMT 522 Paradigm REAL-TIME
Medtronic MMT 523 Paradigm Revel
Medtronic MMT 523K Paradigm Revel
Medtronic MMT 551 MiniMed 530G
Medtronic MMT 722 Paradigm REAL-TIME
Medtronic MMT 723 Paradigm Revel
Medtronic MMT 723K Paradigm Revel
Medtronic MMT 751 MiniMed 530G

Description

The issue is related to the transmission of sensitive information in cleartext between the insulin pump and wireless accessories. This could allow a sufficiently skilled attacker to capture these transmissions and extract sensitive information, such as device serial numbers.

Recommendations

For Medtronic MMT 508 MiniMed insulin pump, consider disabling wireless communication until a patch is available.
For Medtronic MMT 522 Paradigm REAL-TIME, restrict access to the device to minimize the risk of exploitation.
For Medtronic MMT 523 Paradigm Revel, avoid using the device's wireless features until the issue is resolved.
For Medtronic MMT 523K Paradigm Revel, consider implementing additional security measures to protect against eavesdropping.
For Medtronic MMT 551 MiniMed 530G, disable the wirelessTransmission() function until a patch is available.
For Medtronic MMT 722 Paradigm REAL-TIME, restrict access to the device's serial number to prevent exploitation.
For Medtronic MMT 723 Paradigm Revel, avoid using the device's serial number in cleartext until the issue is resolved.
For Medtronic MMT 723K Paradigm Revel, consider implementing encryption for wireless transmissions.
For Medtronic MMT 751 MiniMed 530G, restrict access to the device's wireless accessories to minimize the risk of exploitation.

Fix

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

BDU:2018-00983
CVE-2018-10634

Affected Products

Minimed 530G
Paradigm Real-Time
Paradigm Revel