{"vulnerability": "CVE-2020-2727", "sightings": [{"uuid": "5859c8e9-19f6-4ef5-8f35-f73c2f5787a6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27278", "type": "seen", "source": "https://t.me/cibsecurity/24929", "content": "\u203c CVE-2020-27278 \u203c\n\nIn Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-coded credentials in the ventilator allow attackers with physical access to obtain admin privileges for the device\u00e2\u20ac\u2122s configuration interface.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-03-16T01:29:21.000000Z"}, {"uuid": "c862c16f-1275-4c65-bc13-9936f348b234", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27274", "type": "seen", "source": "https://t.me/cibsecurity/22670", "content": "\u203c CVE-2020-27274 \u203c\n\nSome parsing functions in the affected product do not check the return value of malloc and the thread handling the message is forced to close, which may lead to a denial-of-service condition on the OPC UA Tunneller (versions prior to 6.3.0.8233).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-26T22:36:23.000000Z"}, {"uuid": "82c06962-2959-4d45-ac34-beb39c75876c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27270", "type": "seen", "source": "https://t.me/cibsecurity/22289", "content": "\u203c CVE-2020-27270 \u203c\n\nSOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communication protocol of the insulin pump & AnyDana-i,AnyDana-A mobile apps doesnt use adequate measures to protect encryption keys in transit which allows unauthenticated physically proximate attacker to sniff keys via (BLE).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-19T20:56:08.000000Z"}, {"uuid": "2439f797-5ef3-4453-a60b-f71bd7286597", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27276", "type": "seen", "source": "https://t.me/cibsecurity/22293", "content": "\u203c CVE-2020-27276 \u203c\n\nSOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i & AnyDana-A mobile apps doesn't use adequate measures to authenticate the communicating entities before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the authentication sequence via Bluetooth Low Energy.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-19T20:56:11.000000Z"}, {"uuid": "3d1e1e9d-6085-46ca-b452-7ff78cfe50ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27272", "type": "seen", "source": "https://t.me/cibsecurity/22291", "content": "\u203c CVE-2020-27272 \u203c\n\nSOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-19T20:56:09.000000Z"}, {"uuid": "a060063e-fab5-459d-8598-7f0f1a05dbee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-27279", "type": "seen", "source": "https://t.me/cibsecurity/21676", "content": "\u203c CVE-2020-27279 \u203c\n\nA NULL pointer deference vulnerability has been identified in the protocol converter. An attacker could send a specially crafted packet that could reboot the device running Crimson 3.1 (Build versions prior to 3119.001).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-06T18:39:33.000000Z"}]}