← voltar
CVE-2018-14781

Medtronic MiniMed MMT-500/MMT-503 Remote Controllers Authentication Bypass by Capture-replay

CVSS 5.3 MEDIUMEPSS 0.7%CWE-294
Medtronic MiniMed MMT devices when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Produtos afetados
Medtronic · MMT- 508 - MiniMed pumpMedtronic · MMT – 511 pump ParadigmMedtronic · MMT – 512 / MMT – 712 Paradigm x12Medtronic · MMT – 515 / MMT – 715 Paradigm x15Medtronic · MMT – 522(K) / MMT – 722(K) Paradigm REAL-TIMEMedtronic · MMT – 522 / MMT – 722 Paradigm REAL-TIMEMedtronic · MMT – 523(K) / MMT – 723(K) ParadigmMedtronic · MMT – 523 / MMT – 723 Paradigm RevelMedtronic · MMT – 551 / MMT – 751 MiniMed 530GMedtronic · MMT – 554 / MMT – 754 MiniMed Veo

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.htmlhttps://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02http://www.securityfocus.com/bid/105044