SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE.
References
Link | Resource |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2021-01-19T16:18:13
Updated: 2021-01-19T16:18:13
Reserved: 2020-10-19T00:00:00
Link: CVE-2020-27272
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-01-19T17:15:12.613
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-27272
JSON object: View
Redhat Information
No data.
CWE