SOOIL Diabecare RS/AnyDana-i/AnyDana-A up to 2.x Bluetooth LE random values


A vulnerability classified as problematic has been found in SOOIL Diabecare RS, AnyDana-i and AnyDana-A up to 2.x (Medical Device Software). This affects an unknown part of the component Bluetooth LE Handler. Upgrading to version 3.0 eliminates this vulnerability.

| Field | 01/20/2021 08:13 AM | 02/15/2021 03:28 PM | 02/15/2021 03:34 PM |
|---|---|---|---|
| vendor | SOOIL | SOOIL | SOOIL |
| name | Diabecare RS/AnyDana-i/AnyDana-A | Diabecare RS/AnyDana-i/AnyDana-A | Diabecare RS/AnyDana-i/AnyDana-A |
| component | Bluetooth LE Handler | Bluetooth LE Handler | Bluetooth LE Handler |
| cwe | 330 (weak encryption) | 330 (weak encryption) | 330 (weak encryption) |
| risk | 1 | 1 | 1 |
| cvss3_vuldb_av | A | A | A |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| identifier | icsma-21-012-01 | icsma-21-012-01 | icsma-21-012-01 |
| url | https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01 | https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01 | https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01 |
| name | Upgrade | Upgrade | Upgrade |
| cve | CVE-2020-27264 | CVE-2020-27264 | CVE-2020-27264 |
| date | 1611097200 (01/20/2021) | 1611097200 (01/20/2021) | 1611097200 (01/20/2021) |
| cvss2_vuldb_av | A | A | A |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 3.3 | 3.3 | 3.3 |
| cvss3_vuldb_basescore | 4.3 | 4.3 | 4.3 |
| cvss3_meta_basescore | 4.3 | 4.3 | 6.5 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cvss2_vuldb_tempscore | 2.9 | 2.9 | 2.9 |
| cvss3_vuldb_tempscore | 4.1 | 4.1 | 4.1 |
| cvss3_meta_tempscore | 4.1 | 4.1 | 6.2 |
| version | <=2.x | <=2.x | <=2.x |
| type | Medical Device Software | Medical Device Software | Medical Device Software |
| upgrade_version | 3.0 | 3.0 | 3.0 |
| cve_assigned | | 1603058400 | 1603058400 |
| cve_nvd_summary | | In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy. | In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy. |
| cvss3_nvd_ui | | | N |
| cvss3_nvd_s | | | U |
| cvss3_nvd_c | | | H |
| cvss3_nvd_i | | | H |
| cvss3_nvd_a | | | H |
| cvss2_nvd_av | | | A |
| cvss2_nvd_ac | | | L |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | P |
| cvss2_nvd_ii | | | N |
| cvss2_nvd_ai | | | N |
| cvss2_nvd_basescore | | | 3.3 |
| cvss3_nvd_basescore | | | 8.8 |
| cvss3_nvd_av | | | A |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
