CVE-2020-27258

Published: Jan 19, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth Low Energy.

Affected (3)

Products: Sooil: Anydana A, Anydana I, Dana Diabecare Rs Firmware

3 products

Dana Diabecare Rs Firmware

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Sooil Anydana A	Before 3.0
Sooil Anydana I	Before 3.0

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sooil Dana Diabecare Rs Firmware	Before 3.0

Running on/with	Platform Versions
Sooil Dana Diabecare Rs	All versions

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.