Vulnerabilities > CVE-2020-27268 - Incorrect Resource Transfer Between Spheres vulnerability in Sooil products

CVSS 6.5 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

low complexity

sooil

CWE-669

NVD

Published: 2021-01-19

Updated: 2021-10-19

Summary

In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy.

Vulnerable Configurations

Part	Description	Count
OS	Sooil Sooil Anydana A Firmware * Sooil Anydana I Firmware * Sooil Diabecare RS Firmware *	3
Hardware	Sooil Sooil Anydana A - Sooil Anydana I - Sooil Diabecare RS -	3

Common Weakness Enumeration (CWE)

CWE-669 - Incorrect Resource Transfer Between Spheres

References

https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01