CVE-2020-27270 Information

Description

SOOIL Developments CoLtd DiabecareRS AnyDana-i AnyDana-A communication protocol of the insulin pump & AnyDana-iAnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE).

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Reference

https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.7