← Back

Anydana I Firmware

anydana-i_firmware

Vendor: Sooil • 8 CVEs

CVEs (8)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-27269
1Sooil
3Anydana A Firmware
Anydana I FirmwareDiabecare Rs Firmware
Nov 21, 2024
Jan 19, 2021
N/A· v4
5.7 MEDIUM· v3
2.9 LOW· v2
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unau...Show more
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy.Show less
CVE-2020-27268
1Sooil
3Anydana A Firmware
Anydana I FirmwareDiabecare Rs Firmware
Nov 21, 2024
Jan 19, 2021
N/A· v4
6.5 MEDIUM· v3
3.3 LOW· v2
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to b...Show more
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy.Show less
CVE-2020-27266
1Sooil
3Anydana A Firmware
Anydana I FirmwareDiabecare Rs Firmware
Nov 21, 2024
Jan 19, 2021
N/A· v4
6.5 MEDIUM· v3
3.3 LOW· v2
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to b...Show more
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy.Show less
CVE-2020-27264
1Sooil
3Anydana A Firmware
Anydana I FirmwareDiabecare Rs Firmware
Nov 21, 2024
Jan 19, 2021
N/A· v4
8.8 HIGH· v3
3.3 LOW· v2
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticate...Show more
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy.Show less
CVE-2020-27256
1Sooil
3Anydana A Firmware
Anydana I FirmwareDiabecare Rs Firmware
Nov 21, 2024
Jan 19, 2021
N/A· v4
6.8 MEDIUM· v3
4.6 MEDIUM· v2
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings.
CVE-2020-27276
1Sooil
3Anydana A Firmware
Anydana I FirmwareDiabecare Rs Firmware
Nov 21, 2024
Jan 19, 2021
N/A· v4
5.7 MEDIUM· v3
2.9 LOW· v2
SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entiti...Show more
SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy.Show less
CVE-2020-27272
1Sooil
3Anydana A Firmware
Anydana I FirmwareDiabecare Rs Firmware
Nov 21, 2024
Jan 19, 2021
N/A· v4
5.7 MEDIUM· v3
2.9 LOW· v2
SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys...Show more
SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE.Show less
CVE-2020-27270
1Sooil
3Anydana A Firmware
Anydana I FirmwareDiabecare Rs Firmware
Nov 21, 2024
Jan 19, 2021
N/A· v4
5.7 MEDIUM· v3
2.9 LOW· v2
SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows una...Show more
SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE).Show less