Anydana-a Firmware Security Vulnerabilities and Issues — Anydana-a Firmware CVE List

Lucene search

SooilAnydana-a Firmware

8 matches found

CVE•added 2021/01/19 9:15 p.m.•51 views

CVE-2020-27256

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings.

6.8CVSS6.3AI score0.00053EPSS

CVE•added 2021/01/19 5:15 p.m.•47 views

CVE-2020-27276

SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate a...

5.7CVSS5.3AI score0.00078EPSS

CVE•added 2021/01/19 9:15 p.m.•45 views

CVE-2020-27264

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Ene...

8.8CVSS8.6AI score0.00097EPSS

CVE•added 2021/01/19 10:15 p.m.•44 views

CVE-2020-27268

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy.

6.5CVSS6.4AI score0.00072EPSS

CVE•added 2021/01/19 10:15 p.m.•42 views

CVE-2020-27266

6.5CVSS6.6AI score0.00068EPSS

CVE•added 2021/01/19 10:15 p.m.•40 views

CVE-2020-27269

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences v...

5.7CVSS5.6AI score0.00089EPSS

CVE•added 2021/01/19 5:15 p.m.•36 views

CVE-2020-27272

SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the...

5.7CVSS5.1AI score0.00094EPSS

CVE•added 2021/01/19 5:15 p.m.•29 views

CVE-2020-27270

SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE).

5.7CVSS5.1AI score0.00048EPSS