VAR-201610-0162
Vulnerability from variot - Updated: 2023-12-18 12:51Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks. The Animas OneTouch Ping insulin pump contains multiple vulnerabilities that may allow an unauthenticated remote attacker to obtain patient treatment or device data, or execute commands on the device. The attacker cannot obtain personally identifiable information. In addition, JVNVU#95089754 Then CWE-294 It is published as https://cwe.mitre.org/data/definitions/294.htmlReflex attack by a third party ( Replay attack ) Authentication may be bypassed. Animas OneTouch Ping is prone to the following security vulnerabilities: 1. An information-disclosure vulnerability 2. Multiple security-bypass vulnerabilities 3. A Spoofing vulnerability An attacker can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible. Animas OneTouch Ping is a medical self-service device for diabetic patients taking insulin from Animas Company of the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201610-0162",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "onetouch ping",
"scope": null,
"trust": 1.6,
"vendor": "animas",
"version": null
},
{
"model": "onetouch ping",
"scope": "eq",
"trust": 1.6,
"vendor": "animas",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "johnson johnson",
"version": null
},
{
"model": "onetouch ping",
"scope": "eq",
"trust": 0.3,
"vendor": "animas",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#884840"
},
{
"db": "BID",
"id": "93351"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"db": "NVD",
"id": "CVE-2016-5086"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-005"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:animas:onetouch_ping_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:animas:onetouch_ping:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5086"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tod Beardsley of Rapid7.",
"sources": [
{
"db": "BID",
"id": "93351"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5086",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-5086",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-93905",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5086",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5086",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201610-005",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-93905",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93905"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"db": "NVD",
"id": "CVE-2016-5086"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Johnson \u0026 Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks. The Animas OneTouch Ping insulin pump contains multiple vulnerabilities that may allow an unauthenticated remote attacker to obtain patient treatment or device data, or execute commands on the device. The attacker cannot obtain personally identifiable information. In addition, JVNVU#95089754 Then CWE-294 It is published as https://cwe.mitre.org/data/definitions/294.htmlReflex attack by a third party ( Replay attack ) Authentication may be bypassed. Animas OneTouch Ping is prone to the following security vulnerabilities:\n1. An information-disclosure vulnerability\n2. Multiple security-bypass vulnerabilities\n3. A Spoofing vulnerability\nAn attacker can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, and perform certain unauthorized actions and to insert and display spoofed content. Other attacks are also possible. Animas OneTouch Ping is a medical self-service device for diabetic patients taking insulin from Animas Company of the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5086"
},
{
"db": "CERT/CC",
"id": "VU#884840"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"db": "BID",
"id": "93351"
},
{
"db": "VULHUB",
"id": "VHN-93905"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#884840",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2016-5086",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSMA-16-279-01",
"trust": 2.2
},
{
"db": "BID",
"id": "93351",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU95089754",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005122",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201610-005",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "34993",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93905",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#884840"
},
{
"db": "VULHUB",
"id": "VHN-93905"
},
{
"db": "BID",
"id": "93351"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"db": "NVD",
"id": "CVE-2016-5086"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-005"
}
]
},
"id": "VAR-201610-0162",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93905"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:51:30.118000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "OneTouch Ping Glucose Management System",
"trust": 0.8,
"url": "https://www.animas.com/diabetes-insulin-pump-and-bloog-glucose-meter/onetouch-ping-blood-glucose-monitor"
},
{
"title": "Important Information about the cybersecurity of your OneTouch Ping Insulin Infusion Pump",
"trust": 0.8,
"url": "https://www.animas.com/sites/default/files/pdf/final%20letter%20to%20patients%20regarding%20otp_10.04.16.16_web%20version.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-005122"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93905"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"db": "NVD",
"id": "CVE-2016-5086"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
},
{
"trust": 2.8,
"url": "http://www.kb.cert.org/vuls/id/884840"
},
{
"trust": 2.2,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-16-279-01"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/bluu-a9sqrs"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/93351"
},
{
"trust": 0.8,
"url": "https://www.animas.com/our-pumps/one-touch-ping"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5086"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95089754/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5086"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/34993"
},
{
"trust": 0.3,
"url": "https://www.animas.com/diabetes-insulin-pump-and-bloog-glucose-meter/onetouch-ping-blood-glucose-monitor"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#884840"
},
{
"db": "VULHUB",
"id": "VHN-93905"
},
{
"db": "BID",
"id": "93351"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"db": "NVD",
"id": "CVE-2016-5086"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#884840"
},
{
"db": "VULHUB",
"id": "VHN-93905"
},
{
"db": "BID",
"id": "93351"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"db": "NVD",
"id": "CVE-2016-5086"
},
{
"db": "CNNVD",
"id": "CNNVD-201610-005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-04T00:00:00",
"db": "CERT/CC",
"id": "VU#884840"
},
{
"date": "2016-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-93905"
},
{
"date": "2016-10-04T00:00:00",
"db": "BID",
"id": "93351"
},
{
"date": "2016-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"date": "2016-10-05T10:59:12.923000",
"db": "NVD",
"id": "CVE-2016-5086"
},
{
"date": "2016-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-11T00:00:00",
"db": "CERT/CC",
"id": "VU#884840"
},
{
"date": "2016-12-24T00:00:00",
"db": "VULHUB",
"id": "VHN-93905"
},
{
"date": "2016-10-10T05:02:00",
"db": "BID",
"id": "93351"
},
{
"date": "2016-10-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-005122"
},
{
"date": "2016-12-24T02:59:41.340000",
"db": "NVD",
"id": "CVE-2016-5086"
},
{
"date": "2016-10-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201610-005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-005"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Animas OneTouch Ping insulin pump contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#884840"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201610-005"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…