Vulnerability Description
SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sooil | Anydana-A Firmware | < 3.0 |
| Sooil | Anydana-A | - |
| Sooil | Anydana-I Firmware | < 3.0 |
| Sooil | Anydana-I | - |
| Sooil | Diabecare Rs Firmware | < 3.0 |
| Sooil | Diabecare Rs | - |
References
- https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01Third Party AdvisoryUS Government Resource
- https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2020-27272?
CVE-2020-27272 is a vulnerability with a CVSS score of 5.7 (MEDIUM). SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump be...
How severe is CVE-2020-27272?
CVE-2020-27272 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-27272?
Check the references section above for vendor advisories and patch information. Affected products include: Sooil Anydana-A Firmware, Sooil Anydana-A, Sooil Anydana-I Firmware, Sooil Anydana-I, Sooil Diabecare Rs Firmware.