Description
Medtronic MiniMed MMT devices when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.
Scores
CVSS v3
5.3
EPSS
0.0013
EPSS Percentile
32.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-287
CWE-294
Status
published
Products (9)
medtronicdiabetes/508_minimed_insulin_pump_firmware
medtronicdiabetes/522_paradigm_real-time_firmware
medtronicdiabetes/523_paradigm_revel_firmware
medtronicdiabetes/523k_paradigm_revel_firmware
medtronicdiabetes/551_minimed_530g_firmware
medtronicdiabetes/722_paradigm_real-time_firmware
medtronicdiabetes/723_paradigm_revel_firmware
medtronicdiabetes/723k_paradigm_revel_firmware
medtronicdiabetes/751_minimed_530g_firmware
Published
Aug 13, 2018
Tracked Since
Feb 18, 2026