ICSMA-21-012-01 · Published 2021-01-12 · View on CISA ICS-CERT ↗

SOOIL Dana Diabecare RS Products

CVSS 7.6 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, modify therapy settings, bypass authentication, or crash the device being accessed. These vulnerabilities could affect patient safety.

CVEs (9)

CVE-2020-27256 CVE-2020-27258 CVE-2020-27264 CVE-2020-27266 CVE-2020-27268 CVE-2020-27269 CVE-2020-27270 CVE-2020-27272 CVE-2020-27276

Remediations

Dana Diabecare recommends users update the Dana Diabecare insulin pumps to Version 3.0 or higher, or to the latest available release. Additionally, users are encouraged to immediately update AnyDana-A and AnyDana-i to Version 3.0 or higher. Also, SOOIL recommends users to apply these mitigating strategies:

Affected Vendors

SOOIL Developments Co, Ltd.

Affected Products (3)

SOOIL Developments Co, Ltd. · AnyDana-A < 3.0

SOOIL Developments Co, Ltd. · Dana Diabecare RS < 3.0

SOOIL Developments Co, Ltd. · AnyDana-i < 3.0

Affected Sectors

Healthcare and Public Health

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more