5.3
CVE-2018-10634
- EPSS 0.47%
- Veröffentlicht 13.08.2018 21:47:59
- Zuletzt bearbeitet 22.05.2025 17:15:21
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginMedtronic MiniMed MMT-500/MMT-503 Remote Controllers Cleartext Transmission of Sensitive Information
Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Medtronic ≫ Minimed Paradigm Revel Mmt-723 Firmware Version-
Medtronic ≫ Minimed 530g Mmt-551 Firmware Version-
Medtronic ≫ Minimed 530g Mmt-751 Firmware Version-
Medtronic ≫ Minimed Paradigm Revel Mmt-523 Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.372 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 1.6 | 3.6 |
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 2.9 | 5.5 | 2.9 |
AV:A/AC:M/Au:N/C:P/I:N/A:N
|
| ics-cert@hq.dhs.gov | 4.8 | 1.2 | 3.6 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
|
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
http://www.securityfocus.com/bid/105044
https://ics-cert.us-cert.gov/advisories/ICSMA-18-219-02
https://global.medtronic.com/xg-en/product-security/security-bulletins/minimed.html