Vulnerability Description
Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Animas | Onetouch Ping Firmware | - |
| Animas | Onetouch Ping | - |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/884840 (Third Party Advisory, US Government Resource)
- http://www.kb.cert.org/vuls/id/BLUU-A9SQRS (Third Party Advisory, US Government Resource)
- http://www.securityfocus.com/bid/93351
- https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multip (Mitigation, Technical Description, Third Party Advisory)
- https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01
FAQ
What is CVE-2016-5085?
CVE-2016-5085 is a vulnerability with a CVSS score of 7.5 (HIGH). Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authe...
How severe is CVE-2016-5085?
CVE-2016-5085 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-5085?
Check the references section above for vendor advisories and patch information. Affected products include: Animas Onetouch Ping Firmware, Animas Onetouch Ping.