Vulnerability Details CVE-2016-5084
Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 80.4%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://www.kb.cert.org/vuls/id/884840
- http://www.kb.cert.org/vuls/id/BLUU-A9SQRS
- http://www.securityfocus.com/bid/93351
- https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump
- https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01
- http://www.kb.cert.org/vuls/id/884840
- http://www.kb.cert.org/vuls/id/BLUU-A9SQRS
- http://www.securityfocus.com/bid/93351
- https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump
- https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01
Products affected by CVE-2016-5084
-
cpe:2.3:h:animas:onetouch_ping:-
-
cpe:2.3:o:animas:onetouch_ping_firmware:-