CVE-2020-27276

Published: Jan 19, 2021Modified: Nov 21, 2024

5.7

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.1 / Impact: 3.6

Source: NVD

Description

SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy.

Affected (3)

Products: Sooil: Anydana A Firmware, Anydana I Firmware, Diabecare Rs Firmware

Sooil

3 products

Anydana A Firmware

Anydana I Firmware

Diabecare Rs Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sooil Anydana A Firmware	Before 3.0

Running on/with	Platform Versions
Sooil Anydana A	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sooil Anydana I Firmware	Before 3.0

Running on/with	Platform Versions
Sooil Anydana I	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Sooil Diabecare Rs Firmware	Before 3.0

Running on/with	Platform Versions
Sooil Diabecare Rs	All versions

Related CWEs

CWE-290

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (2)

https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.