PT-2021-11353 · Unknown+2 · Diabecare Rs+2

Birk Kauer +3 · Published 2021-01-19 · Updated 2021-10-19 · CVE-2020-27266

CVSS v3.1: 6.5 Medium
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:
Diabecare RS (affected versions not specified)
AnyDana-i (affected versions not specified)
AnyDana-A (affected versions not specified)

Description: A client-side control issue in the insulin pump and its mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy. This affects the Diabecare RS, AnyDana-i, and AnyDana-A products.

Recommendations: For Diabecare RS, consider disabling Bluetooth Low Energy connectivity until a patch is available. For AnyDana-i, restrict access to the mobile application's authentication features to minimize the risk of exploitation. For AnyDana-A, avoid using the device in areas where physically proximate attackers could bypass user authentication checks via Bluetooth Low Energy until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2020-27266

Affected Products

Anydana-A
Anydana-I
Diabecare Rs