LiveActive security incident?Get immediate response
CVE Record

CVE-2018-10634: Medtronic MiniMed MMT-500/MMT-503 Remote Controllers Cleartext Transmission of Sensitive Information

Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.

MediumCVSS 4.8Not KEV-listedUpdated
Glexia's TakeAutomated analysis

Security readout for executives and security teams

This issue means certain Medtronic MiniMed pump communications with wireless accessories were not encrypted. A nearby, skilled attacker could observe those transmissions and learn sensitive device information such as serial numbers. The cited CVSS impact is confidentiality-only, not direct insulin delivery disruption. Exposure is most likely in healthcare or patient environments where listed MiniMed or Paradigm pumps communicate with wireless accessories. This is not described as internet-facing; the source vector requires adjacent proximity and specific capability. Treat this as a moderate medical-device privacy risk. Prioritize inventory and vendor-guided action, especially where affected pumps remain in active patient care, but do not treat it as confirmed active exploitation or remote device control. Mitigation focus: Review Medtronic’s MiniMed product security bulletin for current vendor guidance.; Inventory listed MiniMed and Paradigm pump models in clinical and patient use.; Coordinate any device or accessory changes with clinical and biomedical teams..

Prepared

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-319: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2018-10634 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
4.8 (3.1)
Known Exploited
No
Published

Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
3Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
4.8CVSS 3.1MediumCVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N1.23.6Primary CVE score

Vulnerability scoring details

Base CVSS 3.1 score

4.8Medium
CVSS 3.1 vector shape for CVE-2018-10634Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone
Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
MedtronicMMT- 508 - MiniMed pumpAll versionsunaffected
MedtronicMMT – 511 pump ParadigmAll versionsunaffected
MedtronicMMT – 512 / MMT – 712 Paradigm x12All versionsunaffected
MedtronicMMT – 515 / MMT – 715 Paradigm x15All versionsunaffected
MedtronicMMT – 522 / MMT – 722 Paradigm REAL-TIMEAll versionsunaffected
MedtronicMMT – 522(K) / MMT – 722(K) Paradigm REAL-TIMEAll versionsunaffected
MedtronicMMT – 523 / MMT – 723 Paradigm RevelAll versionsunaffected
MedtronicMMT – 523(K) / MMT – 723(K) ParadigmAll versionsunaffected
MedtronicMMT – 554 / MMT – 754 MiniMed VeoAll versionsunaffected
MedtronicMMT – 551 / MMT – 751 MiniMed 530GAll versionsunaffected
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-319 · source CWE mapping

Cleartext Transmission of Sensitive Information

Cleartext Transmission of Sensitive Information represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.