CVE-2020-10597

Name of the Vulnerable Software and Affected Versions Delta Industrial Automation DOPSoft versions 4.00.08.15 and prior

Description The issue allows an attacker to exploit multiple out-of-bounds read vulnerabilities by processing specially crafted project files. This may enable the attacker to read information and/or crash the application. Additionally, there is a concern with a wireless RF communication protocol that does not properly implement authentication or authorization, potentially allowing an attacker to modify and/or intercept data, change settings, and control insulin delivery.

Recommendations For Delta Industrial Automation DOPSoft versions 4.00.08.15 and prior, update to a version later than 4.00.08.15 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for the insulin pump issue.