CVE-2020-27272

Published: Jan 19, 2021Modified: Nov 21, 2024

5.7

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.1 / Impact: 3.6

Source: NVD

Description

SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE.

Affected (3)

Products: Sooil: Anydana A Firmware, Anydana I Firmware, Diabecare Rs Firmware

Sooil

3 products

Anydana A Firmware

Anydana I Firmware

Diabecare Rs Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sooil Anydana A Firmware	Before 3.0

Running on/with	Platform Versions
Sooil Anydana A	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sooil Anydana I Firmware	Before 3.0

Running on/with	Platform Versions
Sooil Anydana I	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sooil Diabecare Rs Firmware	Before 3.0

Running on/with	Platform Versions
Sooil Diabecare Rs	All versions

References (2)

https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.