Lucene search
K

21 matches found

NVD
NVD
added 2017/12/05 11:29 p.m.16 views

CVE-2017-14018

An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed,...

4.8CVSS5.3AI score0.00364EPSS
Exploits0References2
Prion
Prion
added 2017/12/05 11:29 p.m.60 views

Authentication flaw

An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed,...

3.3CVSS5.2AI score0.00364EPSS
Exploits0References2
Cvelist
Cvelist
added 2017/12/05 11:0 p.m.16 views

CVE-2017-14018

An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed,...

5.3AI score0.00364EPSS
Exploits0References2
CVE
CVE
added 2017/12/05 11:0 p.m.47 views

CVE-2017-14018

Affected product : Ethicon Endo-Surgery Generator Gen11 (all versions released before 2017-11-29). Vulnerability : Improper Authentication (CWE-287) where the security mechanism between Gen11 and single-patient use products can be bypassed, allowing unauthorized devices to connect and potentially...

4.8CVSS5.3AI score0.00364EPSS
Exploits0References2Affected Software1
ICS
ICS
added 2017/11/28 12:0 a.m.30 views

Ethicon Endo-Surgery Generator G11 Vulnerability

OVERVIEW Johnson & Johnson, the parent company of Ethicon Endo-Surgery, LLC, reported an improper authentication vulnerability in the Ethicon Endo-Surgery Generator Gen11. EthiconEndo-Surgery, LLC has produced updates that mitigate this vulnerability in the affected product. AFFECTED PRODUCTS The...

4.8CVSS5.2AI score0.00364EPSS
Exploits0References2
NVD
NVD
added 2016/10/05 10:59 a.m.16 views

CVE-2016-5686

Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol...

9.8CVSS9.6AI score0.04519EPSS
Exploits0References4
NVD
NVD
added 2016/10/05 10:59 a.m.18 views

CVE-2016-5086

Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks...

9.8CVSS9.8AI score0.04519EPSS
Exploits0References5
NVD
NVD
added 2016/10/05 10:59 a.m.21 views

CVE-2016-5085

Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake...

7.8CVSS8.2AI score0.03864EPSS
Exploits0References5
NVD
NVD
added 2016/10/05 10:59 a.m.26 views

CVE-2016-5084

Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network...

7.5CVSS7.9AI score0.02221EPSS
Exploits0References5
Prion
Prion
added 2016/10/05 10:59 a.m.21 views

Information disclosure

Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network...

5CVSS6.8AI score0.02221EPSS
Exploits0References5
Prion
Prion
added 2016/10/05 10:59 a.m.20 views

Authentication flaw

Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake...

7.8CVSS7.4AI score0.03864EPSS
Exploits0References5
Prion
Prion
added 2016/10/05 10:59 a.m.17 views

Authentication flaw

Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol...

9.3CVSS7.5AI score0.04519EPSS
Exploits0References4
Cvelist
Cvelist
added 2016/10/05 10:0 a.m.30 views

CVE-2016-5086

Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks...

9.8AI score0.04519EPSS
Exploits0References5
Cvelist
Cvelist
added 2016/10/05 10:0 a.m.21 views

CVE-2016-5686

Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol...

9.7AI score0.04519EPSS
Exploits0References4
CVE
CVE
added 2016/10/05 10:0 a.m.57 views

CVE-2016-5084

CVE-2016-5084 affects the Animas OneTouch Ping insulin pump system. Public details from ICS-CERT/URS indicate radio-frequency communications between the meter remote and pump transmit data in cleartext (CWE-319) and expose patient treatment/device data to unauthenticated remote listeners; related...

7.5CVSS7.8AI score0.02221EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2016/10/05 10:0 a.m.27 views

CVE-2016-5084

Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network...

7.5AI score0.02221EPSS
Exploits0References5
Cvelist
Cvelist
added 2016/10/05 10:0 a.m.31 views

CVE-2016-5085

Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake...

7.8AI score0.03864EPSS
Exploits0References5
CVE
CVE
added 2016/10/05 10:0 a.m.49 views

CVE-2016-5086

The connected documents confirm CVE-2016-5086 affects the Animas OneTouch Ping insulin pump system, where a lack of protections in the custom radio-frequency protocol enables authentication bypass via capture‑replay. In practice, an unauthenticated remote attacker could replay captured commands t...

9.8CVSS9.6AI score0.04519EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2016/10/05 10:0 a.m.44 views

CVE-2016-5085

CVE-2016-5085 affects the Animas OneTouch Ping insulin pump system. The vulnerability stems from use of a static or non-changing CRC32-derived value as an encryption key during the pairing/authentication handshake, enabling an unauthenticated remote attacker to sniff RF communications between the...

7.8CVSS8.1AI score0.03864EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2016/10/05 10:0 a.m.43 views

CVE-2016-5686

The CVE-2016-5686 issue affects the Johnson & Johnson Animas OneTouch Ping insulin pump. It stems from a custom communication protocol that mishandles acknowledgements, allowing an unauthenticated remote attacker to spoof acknowledgement packets and bypass authentication. This could enable comman...

9.8CVSS9.5AI score0.04519EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder