Multiple vulnerabilities in SOOIL Dana Diabecare RS Products
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2020-27256 CVE-2020-27258 CVE-2020-27264 CVE-2020-27266 CVE-2020-27268 CVE-2020-27269 CVE-2020-27270 CVE-2020-27272 CVE-2020-27276 |
| CWE-ID | CWE-798 CWE-522 CWE-330 CWE-603 CWE-602 CWE-294 CWE-287 CWE-290 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Dana Diabecare RS Hardware solutions / Medical equipment AnyDana-i Hardware solutions / Medical equipment AnyDana-A Hardware solutions / Medical equipment |
| Vendor | SOOIL Developments Co., Ltd |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
Updated 14.1.2021
Added vulnerabilities #6-9
1) Use of hard-coded credentials
EUVDB-ID: #VU49509
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27256
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain full access to vulnerable system.
The vulnerability exists due to a hard-coded physician PIN in the physician menu of the insulin pump. An attacker with physical access can change insulin therapy settings.
MitigationInstall update from vendor's website.
Vulnerable software versionsDana Diabecare RS: before 3.0
AnyDana-i: before 3.0
AnyDana-A: before 3.0
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-21-012-01
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Insufficiently protected credentials
EUVDB-ID: #VU49510
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27258
CWE-ID:
CWE-522 - Insufficiently Protected Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remot attacker to gain access to potentially sensitive information.
The vulnerability exists due to insufficiently protected credentials in the communication protocol of the insulin pump and its mobile applications. A remote attacker on the local network can extract the pump’s keypad lock PIN via Bluetooth Low Energy.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDana Diabecare RS: before 3.0
AnyDana-i: before 3.0
AnyDana-A: before 3.0
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-21-012-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use of insufficiently random values
EUVDB-ID: #VU49511
Risk: Low
CVSSv3.1: 6.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27264
CWE-ID:
CWE-330 - Use of Insufficiently Random Values
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the communication protocol of the insulin pump and its mobile applications use deterministic keys. A remote attacker on the local network can brute-force the keys via Bluetooth Low Energy.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDana Diabecare RS: before 3.0
AnyDana-i: before 3.0
AnyDana-A: before 3.0
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-21-012-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use of Client-Side Authentication
EUVDB-ID: #VU49512
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27266
CWE-ID:
CWE-603 - Use of Client-Side Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to sensitive information on the system.
The vulnerability exists due a client-side control issue in the insulin pump and its mobile applications. A remote attacker on the local network can bypass user authentication checks via Bluetooth Low Energy.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDana Diabecare RS: before 3.0
AnyDana-i: before 3.0
AnyDana-A: before 3.0
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-21-012-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Client-Side Enforcement of Server-Side Security
EUVDB-ID: #VU49513
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27268
CWE-ID:
CWE-602 - Client-Side Enforcement of Server-Side Security
Exploit availability: No
DescriptionThe vulnerability aloows a remote attacker to gain access to sensitive information on the system.
The vulnerability exists due to a client-side control issue in the insulin pump and its mobile applications. A remote attacker on the local network can bypass checks for default PINs via Bluetooth Low Energy.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDana Diabecare RS: before 3.0
AnyDana-i: before 3.0
AnyDana-A: before 3.0
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-21-012-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Authentication Bypass by Capture-replay
EUVDB-ID: #VU49518
Risk: Low
CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27269
CWE-ID:
CWE-294 - Authentication Bypass by Capture-replay
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication on the target system.
The vulnerability exists due to the communication protocol of the insulin pump and its applications lacks replay protection measures. A remote attacker on the local network can replay communication sequences via Bluetooth Low Energy.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDana Diabecare RS: before 3.0
AnyDana-i: before 3.0
AnyDana-A: before 3.0
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-21-012-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Insufficiently protected credentials
EUVDB-ID: #VU49519
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27270
CWE-ID:
CWE-522 - Insufficiently Protected Credentials
Exploit availability: No
DescriptionThe vulnerability allows a remot attacker to gain access to potentially sensitive information.
The vulnerability exists due to the communication protocol of the insulin pump and its mobile applications does not use adequate measures to protect encryption keys in transit. A remote attacker on the local network can sniff the keys via Bluetooth Low Energy.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDana Diabecare RS: before 3.0
AnyDana-i: before 3.0
AnyDana-A: before 3.0
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-21-012-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper Authentication
EUVDB-ID: #VU49520
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27272
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to the communication protocol of the insulin pump and its mobile applications does not use adequate measures to authenticate the pump before exchanging keys. A remote attacker on the local network can eavesdrop the keys and spoof the pump via Bluetooth Low Energy.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDana Diabecare RS: before 3.0
AnyDana-i: before 3.0
AnyDana-A: before 3.0
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-21-012-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Authentication Bypass by Spoofing
EUVDB-ID: #VU49521
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27276
CWE-ID:
CWE-290 - Authentication Bypass by Spoofing
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to the communication protocol of the insulin pump and its mobile applications does not use adequate measures to authenticate the communicating entities before exchanging keys. A remote attacker on the local network can eavesdrop the authentication sequence via Bluetooth Low Energy.
MitigationInstall updates from vendor's website.
Vulnerable software versionsDana Diabecare RS: before 3.0
AnyDana-i: before 3.0
AnyDana-A: before 3.0
External linkshttp://ics-cert.us-cert.gov/advisories/icsma-21-012-01
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
