CVE-2020-27268

Name of the Vulnerable Software and Affected Versions: Diabecare RS (affected versions not specified) AnyDana-i (affected versions not specified) AnyDana-A (affected versions not specified)

Description: A client-side control issue in the insulin pump and its mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy. This could potentially affect a significant number of devices, although the exact number is not specified.

Recommendations: For Diabecare RS, consider disabling Bluetooth Low Energy connectivity until a patch is available. For AnyDana-i, restrict access to the default PIN check functionality to minimize the risk of exploitation. For AnyDana-A, avoid using the default PIN configuration until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.