Vulnerabilities > Sooil
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-19 | CVE-2020-27269 | Authentication Bypass by Capture-replay vulnerability in Sooil products In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy. | 2.9 |
| 2021-01-19 | CVE-2020-27268 | Incorrect Resource Transfer Between Spheres vulnerability in Sooil products In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy. | 3.3 |
| 2021-01-19 | CVE-2020-27266 | Improper Authentication vulnerability in Sooil products In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy. | 3.3 |
| 2021-01-19 | CVE-2020-27264 | Use of Insufficiently Random Values vulnerability in Sooil products In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy. | 3.3 |
| 2021-01-19 | CVE-2020-27258 | Insufficiently Protected Credentials vulnerability in Sooil Anydana-A, Anydana-I and Dana Diabecare RS Firmware In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, an information disclosure vulnerability in the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth Low Energy. | 3.3 |
| 2021-01-19 | CVE-2020-27256 | Use of Hard-coded Credentials vulnerability in Sooil products In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings. | 4.6 |
| 2021-01-19 | CVE-2020-27276 | Authentication Bypass by Spoofing vulnerability in Sooil products SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy. | 2.9 |
| 2021-01-19 | CVE-2020-27272 | Missing Authentication for Critical Function vulnerability in Sooil products SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE. | 2.9 |
| 2021-01-19 | CVE-2020-27270 | Insufficiently Protected Credentials vulnerability in Sooil products SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE). | 2.9 |