VAR-201610-0160
Vulnerability from variot - Updated: 2023-12-18 12:51Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network. The attacker cannot obtain personally identifiable information. In addition, JVNVU#95089754 Then CWE-319 It is published as https://cwe.mitre.org/data/definitions/319.htmlIf a third party intercepts the network, important information may be obtained. Animas OneTouch Ping is prone to the following security vulnerabilities: 1. An information-disclosure vulnerability 2. Multiple security-bypass vulnerabilities 3. A Spoofing vulnerability An attacker can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible. Animas OneTouch Ping is a medical self-service device for diabetic patients taking insulin from Animas Company of the United States. The Animas OneTouch Ping device has a security flaw, which stems from the fact that the program does not encrypt data
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0160",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "onetouch ping",
"scope": null,
"trust": 1.6,
"vendor": "animas",
"version": null
},
{
"model": "onetouch ping",
"scope": "eq",
"trust": 1.6,
"vendor": "animas",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "johnson johnson",
"version": null
},
{
"model": "onetouch ping",
"scope": "eq",
"trust": 0.3,
"vendor": "animas",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#884840"
},
{
"db": "BID",
"id": "93351"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005120"
},
{
"db": "NVD",
"id": "CVE-2016-5084"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-007"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:animas:onetouch_ping_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:animas:onetouch_ping:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5084"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tod Beardsley of Rapid7.",
"sources": [
{
"db": "BID",
"id": "93351"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5084",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-5084",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-93903",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5084",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5084",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-007",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93903",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93903"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005120"
},
{
"db": "NVD",
"id": "CVE-2016-5084"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-007"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Johnson \u0026 Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network. The attacker cannot obtain personally identifiable information. In addition, JVNVU#95089754 Then CWE-319 It is published as https://cwe.mitre.org/data/definitions/319.htmlIf a third party intercepts the network, important information may be obtained. Animas OneTouch Ping is prone to the following security vulnerabilities:\n1. An information-disclosure vulnerability\n2. Multiple security-bypass vulnerabilities\n3. A Spoofing vulnerability\nAn attacker can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible. Animas OneTouch Ping is a medical self-service device for diabetic patients taking insulin from Animas Company of the United States. The Animas OneTouch Ping device has a security flaw, which stems from the fact that the program does not encrypt data",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5084"
},
{
"db": "CERT/CC",
"id": "VU#884840"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005120"
},
{
"db": "BID",
"id": "93351"
},
{
"db": "VULHUB",
"id": "VHN-93903"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#884840",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2016-5084",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSMA-16-279-01",
"trust": 2.2
},
{
"db": "BID",
"id": "93351",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU95089754",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005120",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-007",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "34991",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93903",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#884840"
},
{
"db": "VULHUB",
"id": "VHN-93903"
},
{
"db": "BID",
"id": "93351"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005120"
},
{
"db": "NVD",
"id": "CVE-2016-5084"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-007"
}
]
},
"id": "VAR-201610-0160",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93903"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:51:30.150000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "OneTouch Ping Glucose Management System",
"trust": 0.8,
"url": "https://www.animas.com/diabetes-insulin-pump-and-bloog-glucose-meter/onetouch-ping-blood-glucose-monitor"
},
{
"title": "Important Information about the cybersecurity of your OneTouch Ping Insulin Infusion Pump",
"trust": 0.8,
"url": "https://www.animas.com/sites/default/files/pdf/final%20letter%20to%20patients%20regarding%20otp_10.04.16.16_web%20version.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005120"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93903"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005120"
},
{
"db": "NVD",
"id": "CVE-2016-5084"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/884840"
},
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-16-279-01"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/bluu-a9sqrs"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/93351"
},
{
"trust": 0.8,
"url": "https://www.animas.com/our-pumps/one-touch-ping"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5084"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95089754/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5084"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/34991"
},
{
"trust": 0.3,
"url": "https://www.animas.com/diabetes-insulin-pump-and-bloog-glucose-meter/onetouch-ping-blood-glucose-monitor"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#884840"
},
{
"db": "VULHUB",
"id": "VHN-93903"
},
{
"db": "BID",
"id": "93351"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005120"
},
{
"db": "NVD",
"id": "CVE-2016-5084"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-007"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#884840"
},
{
"db": "VULHUB",
"id": "VHN-93903"
},
{
"db": "BID",
"id": "93351"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005120"
},
{
"db": "NVD",
"id": "CVE-2016-5084"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-007"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-04T00:00:00",
"db": "CERT/CC",
"id": "VU#884840"
},
{
"date": "2016-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-93903"
},
{
"date": "2016-10-04T00:00:00",
"db": "BID",
"id": "93351"
},
{
"date": "2016-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005120"
},
{
"date": "2016-10-05T10:59:10.640000",
"db": "NVD",
"id": "CVE-2016-5084"
},
{
"date": "2016-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-007"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-11T00:00:00",
"db": "CERT/CC",
"id": "VU#884840"
},
{
"date": "2016-12-24T00:00:00",
"db": "VULHUB",
"id": "VHN-93903"
},
{
"date": "2016-10-10T05:02:00",
"db": "BID",
"id": "93351"
},
{
"date": "2016-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005120"
},
{
"date": "2016-12-24T02:59:41.233000",
"db": "NVD",
"id": "CVE-2016-5084"
},
{
"date": "2016-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-007"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-007"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Animas OneTouch Ping insulin pump contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#884840"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-007"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…