Improper Authentication in SOOIL Developments Co., Ltd products - CVE-2020-27272

 


Published: January 14, 2021


Vulnerability identifier: #VU49520
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-27272
CWE-ID: CWE-287
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Dana Diabecare RS
AnyDana-i
AnyDana-A
Software vendor:
SOOIL Developments Co., Ltd

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists because the communication protocol of the insulin pump and its mobile applications does not use adequate measures to authenticate the pump before exchanging keys. A remote attacker on the local network can eavesdrop on the keys and spoof the pump via Bluetooth Low Energy.


Remediation

Install updates from vendor's website.
