Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Diabecare_rs_firmware
(Sooil)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 8 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-01-19 | CVE-2020-27268 | In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy. | Anydana\-A_firmware, Anydana\-I_firmware, Diabecare_rs_firmware | 6.5 | ||
| 2021-01-19 | CVE-2020-27264 | In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy. | Anydana\-A_firmware, Anydana\-I_firmware, Diabecare_rs_firmware | 8.8 | ||
| 2021-01-19 | CVE-2020-27269 | In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy. | Anydana\-A_firmware, Anydana\-I_firmware, Diabecare_rs_firmware | 5.7 | ||
| 2021-01-19 | CVE-2020-27272 | SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE. | Anydana\-A_firmware, Anydana\-I_firmware, Diabecare_rs_firmware | 5.7 | ||
| 2021-01-19 | CVE-2020-27256 | In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings. | Anydana\-A_firmware, Anydana\-I_firmware, Diabecare_rs_firmware | 6.8 | ||
| 2021-01-19 | CVE-2020-27276 | SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy. | Anydana\-A_firmware, Anydana\-I_firmware, Diabecare_rs_firmware | 5.7 | ||
| 2021-01-19 | CVE-2020-27266 | In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy. | Anydana\-A_firmware, Anydana\-I_firmware, Diabecare_rs_firmware | 6.5 | ||
| 2021-01-19 | CVE-2020-27270 | SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE). | Anydana\-A_firmware, Anydana\-I_firmware, Diabecare_rs_firmware | 5.7 |