CVE-2020-27258

Name of the Vulnerable Software and Affected Versions: SOOIL Developments Co., Ltd Diabecare RS (affected versions not specified) AnyDana-i (affected versions not specified) AnyDana-A (affected versions not specified)

Description: An information disclosure issue in the communication protocol of the insulin pump and its mobile applications allows unauthenticated attackers to extract the pump’s keypad lock PIN via Bluetooth Low Energy.

Recommendations: For SOOIL Developments Co., Ltd Diabecare RS, consider restricting Bluetooth Low Energy access to minimize the risk of exploitation. For AnyDana-i, avoid using the keypad lock PIN feature until the issue is resolved. For AnyDana-A, restrict access to the insulin pump’s communication protocol to prevent unauthorized extraction of the keypad lock PIN. At the moment, there is no information about a newer version that contains a fix for this vulnerability.