20 matches found
EUVD-2016-6629
Malware in sbrugna...
EUVD-2016-6038
Malware in sbrugna...
Animas OneTouch Ping Authentication Bypass Vulnerability (CNVD-2016-08537)
The Animas OneTouch Ping is a medical self-service device for diabetics taking insulin from Animas USA. The Animas OneTouch Ping device uses a customized communication protocol that allows an unauthenticated remote attacker to bypass authentication by relaying the attack and spoofing the affected...
Animas OneTouch Ping Data Forgery Vulnerability
The Animas OneTouch Ping is a medical self-service device for diabetics taking insulin from Animas USA. A security vulnerability exists in the Animas OneTouch Ping device that stems from the program failing to properly generate random numbers. A remote attacker could exploit the vulnerability to...
Animas OneTouch Ping Authentication Bypass Vulnerability
The Animas OneTouch Ping is a medical self-service device for diabetics taking insulin from Animas USA. The Animas OneTouch Ping device uses a customized communication protocol that allows an unauthenticated remote attacker to bypass authentication through a constructed confirmation packet that...
Animas OneTouch Ping Information Disclosure Vulnerability
The Animas OneTouch Ping is a medical self-service device for diabetics taking insulin from Animas USA. A security vulnerability exists in the Animas OneTouch Ping device that stems from the program not encrypting data. A remote attacker could exploit the vulnerability by sniffing a network to...
CVE-2016-5686
Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol...
CVE-2016-5086
Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks...
CVE-2016-5085
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake...
CVE-2016-5084
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network...
Information disclosure
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network...
Authentication flaw
Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol...
CVE-2016-5686
The CVE-2016-5686 issue affects the Johnson & Johnson Animas OneTouch Ping insulin pump. It stems from a custom communication protocol that mishandles acknowledgements, allowing an unauthenticated remote attacker to spoof acknowledgement packets and bypass authentication. This could enable comman...
CVE-2016-5086
The connected documents confirm CVE-2016-5086 affects the Animas OneTouch Ping insulin pump system, where a lack of protections in the custom radio-frequency protocol enables authentication bypass via capture‑replay. In practice, an unauthenticated remote attacker could replay captured commands t...
CVE-2016-5084
CVE-2016-5084 affects the Animas OneTouch Ping insulin pump system. Public details from ICS-CERT/URS indicate radio-frequency communications between the meter remote and pump transmit data in cleartext (CWE-319) and expose patient treatment/device data to unauthenticated remote listeners; related...
CVE-2016-5686
Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol...
CVE-2016-5085
CVE-2016-5085 affects the Animas OneTouch Ping insulin pump system. The vulnerability stems from use of a static or non-changing CRC32-derived value as an encryption key during the pairing/authentication handshake, enabling an unauthenticated remote attacker to sniff RF communications between the...
CVE-2016-5086
Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks...
CVE-2016-5084
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network...
Animas OneTouch Ping insulin pump contains multiple vulnerabilities
Overview The Animas OneTouch Ping insulin pump contains multiple vulnerabilities that may allow an unauthenticated remote attacker to obtain patient treatment or device data, or execute commands on the device. The attacker cannot obtain personally identifiable information. Description CWE-319:...