Main Vulnerability Database Vulnerabilities #VU49519

#VU49519 Insufficiently protected credentials in SOOIL Developments Co., Ltd products - CVE-2020-27270

Published: January 14, 2021

Vulnerability identifier: #VU49519

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-27270

CWE-ID: CWE-522

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Dana Diabecare RS
AnyDana-i
AnyDana-A

Software vendor:
SOOIL Developments Co., Ltd

Description

The vulnerability allows a remot attacker to gain access to potentially sensitive information.

The vulnerability exists due to the communication protocol of the insulin pump and its mobile applications does not use adequate measures to protect encryption keys in transit. A remote attacker on the local network can sniff the keys via Bluetooth Low Energy.

Remediation

Install updates from vendor's website.

External links

https://ics-cert.us-cert.gov/advisories/icsma-21-012-01

#VU49519 Insufficiently protected credentials in SOOIL Developments Co., Ltd products - CVE-2020-27270

Description

Remediation

External links

Please verify you're human