In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth Low Energy.
References
Link | Resource |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01 | Third Party Advisory US Government Resource |
Information
Published : 2021-01-19 13:15
Updated : 2021-01-22 11:51
NVD link : CVE-2020-27258
Mitre link : CVE-2020-27258
JSON object : View
CWE
CWE-522
Insufficiently Protected Credentials
Products Affected
sooil
- anydana-a
- anydana-i
- dana_diabecare_rs_firmware
- dana_diabecare_rs