Vulnerability Details CVE-2016-5084
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.017
EPSS Ranking 81.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.kb.cert.org/vuls/id/884840
- http://www.kb.cert.org/vuls/id/BLUU-A9SQRS
- http://www.securityfocus.com/bid/93351
- https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump
- https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01
- http://www.kb.cert.org/vuls/id/884840
- http://www.kb.cert.org/vuls/id/BLUU-A9SQRS
- http://www.securityfocus.com/bid/93351
- https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump
- https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01
Products affected by CVE-2016-5084
-
cpe:2.3:h:animas:onetouch_ping:-
-
cpe:2.3:o:animas:onetouch_ping_firmware:-