Vulnerabilities (CVE)

Filtered by vendor Sooil Subscribe
Filtered by product Anydana-i Firmware
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-27268 1 Sooil 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more 2024-02-28 3.3 LOW 6.5 MEDIUM
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy.
CVE-2020-27276 1 Sooil 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more 2024-02-28 2.9 LOW 5.7 MEDIUM
SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy.
CVE-2020-27270 1 Sooil 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more 2024-02-28 2.9 LOW 5.7 MEDIUM
SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE).
CVE-2020-27264 1 Sooil 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more 2024-02-28 3.3 LOW 8.8 HIGH
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy.
CVE-2020-27266 1 Sooil 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more 2024-02-28 3.3 LOW 6.5 MEDIUM
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy.
CVE-2020-27272 1 Sooil 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more 2024-02-28 2.9 LOW 5.7 MEDIUM
SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE.
CVE-2020-27269 1 Sooil 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more 2024-02-28 2.9 LOW 5.7 MEDIUM
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy.
CVE-2020-27256 1 Sooil 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more 2024-02-28 4.6 MEDIUM 6.8 MEDIUM
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings.