21 matches found
CVE-2017-14018
An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed,...
Authentication flaw
An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed,...
CVE-2017-14018
An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed,...
CVE-2017-14018
Affected product : Ethicon Endo-Surgery Generator Gen11 (all versions released before 2017-11-29). Vulnerability : Improper Authentication (CWE-287) where the security mechanism between Gen11 and single-patient use products can be bypassed, allowing unauthorized devices to connect and potentially...
Ethicon Endo-Surgery Generator G11 Vulnerability
OVERVIEW Johnson & Johnson, the parent company of Ethicon Endo-Surgery, LLC, reported an improper authentication vulnerability in the Ethicon Endo-Surgery Generator Gen11. EthiconEndo-Surgery, LLC has produced updates that mitigate this vulnerability in the affected product. AFFECTED PRODUCTS The...
CVE-2016-5686
Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol...
CVE-2016-5086
Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks...
CVE-2016-5085
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake...
CVE-2016-5084
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network...
Information disclosure
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network...
Authentication flaw
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake...
Authentication flaw
Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol...
CVE-2016-5086
Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks...
CVE-2016-5686
Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol...
CVE-2016-5084
CVE-2016-5084 affects the Animas OneTouch Ping insulin pump system. Public details from ICS-CERT/URS indicate radio-frequency communications between the meter remote and pump transmit data in cleartext (CWE-319) and expose patient treatment/device data to unauthenticated remote listeners; related...
CVE-2016-5084
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network...
CVE-2016-5085
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake...
CVE-2016-5086
The connected documents confirm CVE-2016-5086 affects the Animas OneTouch Ping insulin pump system, where a lack of protections in the custom radio-frequency protocol enables authentication bypass via capture‑replay. In practice, an unauthenticated remote attacker could replay captured commands t...
CVE-2016-5085
CVE-2016-5085 affects the Animas OneTouch Ping insulin pump system. The vulnerability stems from use of a static or non-changing CRC32-derived value as an encryption key during the pairing/authentication handshake, enabling an unauthenticated remote attacker to sniff RF communications between the...
CVE-2016-5686
The CVE-2016-5686 issue affects the Johnson & Johnson Animas OneTouch Ping insulin pump. It stems from a custom communication protocol that mishandles acknowledgements, allowing an unauthenticated remote attacker to spoof acknowledgement packets and bypass authentication. This could enable comman...