Code injection

2021-01-1917:15:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.1%

JSON

SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE).

CPENameOperatorVersion
anydana-a_firmwarelt3.0
anydana-i_firmwarelt3.0
diabecare_rs_firmwarelt3.0

Name	Operator	Version
anydana-a_firmware	lt	3.0
anydana-i_firmware	lt	3.0
diabecare_rs_firmware	lt	3.0

References

us-cert.cisa.gov/ics/advisories/icsma-21-012-01