GCVE - cpe:2.3:o:sooil:diabecare_rs_firmware:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:sooil:diabecare_rs_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Sooil (`0a1c92c5-cd72-5210-b563-eeac20f7288d`)
Product	Diabecare Rs Firmware (`7fc07188-783c-5d97-b2f5-d8e09b71226f`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-27276`	vulnerable	2026-06-08 05:23:52.539666	Details available SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy. Published: 2021-01-19T16:18:20.000Z Updated: 2024-08-04T16:11:36.643Z Open on db.gcve.eu Reference links https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27272`	vulnerable	2026-06-08 05:23:52.530803	Details available SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE. Published: 2021-01-19T16:18:13.000Z Updated: 2024-08-04T16:11:36.580Z Open on db.gcve.eu Reference links https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27270`	vulnerable	2026-06-08 05:23:52.530015	Details available SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE). Published: 2021-01-19T16:17:59.000Z Updated: 2024-08-04T16:11:36.599Z Open on db.gcve.eu Reference links https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27269`	vulnerable	2026-06-08 05:23:52.523913	Details available In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications lacks replay protection measures, which allows unauthenticated, physically proximate attackers to replay communication sequences via Bluetooth Low Energy. Published: 2021-01-19T21:17:59.000Z Updated: 2024-08-04T16:11:36.578Z Open on db.gcve.eu Reference links https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27268`	vulnerable	2026-06-08 05:23:52.523158	Details available In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy. Published: 2021-01-19T21:17:53.000Z Updated: 2024-08-04T16:11:36.584Z Open on db.gcve.eu Reference links https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27266`	vulnerable	2026-06-08 05:23:52.521017	Details available In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy. Published: 2021-01-19T21:17:33.000Z Updated: 2024-08-04T16:11:36.390Z Open on db.gcve.eu Reference links https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27264`	vulnerable	2026-06-08 05:23:52.517894	Details available In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy. Published: 2021-01-19T20:46:53.000Z Updated: 2024-08-04T16:11:36.425Z Open on db.gcve.eu Reference links https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-27256`	vulnerable	2026-06-08 05:23:52.481064	Details available In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings. Published: 2021-01-19T20:46:30.000Z Updated: 2024-08-04T16:11:36.321Z Open on db.gcve.eu Reference links https://us-cert.cisa.gov/ics/advisories/icsma-21-012-01	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.