CVE-2026-50034 (GCVE-0-2026-50034)

Vulnerability from cvelistv5 – Published: 2026-06-18 23:47 – Updated: 2026-06-22 14:54
VLAI
Title
Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Cleartext Transmission of Sensitive Information
Summary
An attacker within BLE communication range can passively intercept wireless traffic and obtain sensitive health-related information, including glucose measurement values.
Severity
6.5 (Medium)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.1 (High)
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Credits
Rishitha Pucchakayala and Centre for Development of Advanced Computing (Hyderabad) reported these vulnerabilities to CISA.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-50034",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-22T14:54:09.331370Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-22T14:54:21.615Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Blood Glucose Monitoring System (Model No. APG-01 BT)",
          "vendor": "Apollo Pharmacy",
          "versions": [
            {
              "status": "affected",
              "version": "0x0110_v1.1.0"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rishitha Pucchakayala and Centre for Development of Advanced Computing (Hyderabad) reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An attacker within BLE communication range can passively intercept \nwireless traffic and obtain sensitive health-related information, \nincluding glucose measurement values."
            }
          ],
          "value": "An attacker within BLE communication range can passively intercept \nwireless traffic and obtain sensitive health-related information, \nincluding glucose measurement values."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-319",
              "description": "CWE-319",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-18T23:47:13.970Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.apollopharmacy.in/contact-us"
        },
        {
          "url": "https://www.cisa.gov/news-events/news/understanding-bluetooth-technology"
        },
        {
          "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-169-01"
        },
        {
          "url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-169-01.json"
        }
      ],
      "source": {
        "advisory": "ICSMA-26-169-01",
        "discovery": "EXTERNAL"
      },
      "title": "Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Cleartext Transmission of Sensitive Information",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eApollo Pharmacy did not respond to CISA\u0027s requests to coordinate. \nUsers are encouraged to reach out to Apollo Pharmacy directly for more \ninformation:\u003cbr\u003e\u003ca href=\"https://www.apollopharmacy.in/contact-us\"\u003ehttps://www.apollopharmacy.in/contact-us\u003c/a\u003e\u003c/p\u003e\n\u003cp\u003e\u003cbr\u003eCISA recommends users follow the \nguidance in the Understanding Bluetooth Technology blog:\u0026nbsp;\u003cbr\u003e\u003ca href=\"https://www.cisa.gov/news-events/news/understanding-bluetooth-technology\"\u003ehttps://www.cisa.gov/news-events/news/understanding-bluetooth-technology\u003c/a\u003e\u003c/p\u003e"
            }
          ],
          "value": "Apollo Pharmacy did not respond to CISA\u0027s requests to coordinate. \nUsers are encouraged to reach out to Apollo Pharmacy directly for more \ninformation:\n https://www.apollopharmacy.in/contact-us \n\n\n\n\n\nCISA recommends users follow the \nguidance in the Understanding Bluetooth Technology blog:\u00a0\n https://www.cisa.gov/news-events/news/understanding-bluetooth-technology"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2026-50034",
    "datePublished": "2026-06-18T23:47:13.970Z",
    "dateReserved": "2026-06-10T21:21:12.237Z",
    "dateUpdated": "2026-06-22T14:54:21.615Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-50034",
      "date": "2026-06-23",
      "epss": "0.00145",
      "percentile": "0.04118"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-50034\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-22T14:54:09.331370Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-22T14:54:15.957Z\"}}], \"cna\": {\"title\": \"Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Cleartext Transmission of Sensitive Information\", \"source\": {\"advisory\": \"ICSMA-26-169-01\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Rishitha Pucchakayala and Centre for Development of Advanced Computing (Hyderabad) reported these vulnerabilities to CISA.\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.1, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Apollo Pharmacy\", \"product\": \"Blood Glucose Monitoring System (Model No. APG-01 BT)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0x0110_v1.1.0\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.apollopharmacy.in/contact-us\"}, {\"url\": \"https://www.cisa.gov/news-events/news/understanding-bluetooth-technology\"}, {\"url\": \"https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-169-01\"}, {\"url\": \"https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsma-26-169-01.json\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Apollo Pharmacy did not respond to CISA\u0027s requests to coordinate. \\nUsers are encouraged to reach out to Apollo Pharmacy directly for more \\ninformation:\\n https://www.apollopharmacy.in/contact-us \\n\\n\\n\\n\\n\\nCISA recommends users follow the \\nguidance in the Understanding Bluetooth Technology blog:\\u00a0\\n https://www.cisa.gov/news-events/news/understanding-bluetooth-technology\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eApollo Pharmacy did not respond to CISA\u0027s requests to coordinate. \\nUsers are encouraged to reach out to Apollo Pharmacy directly for more \\ninformation:\u003cbr\u003e\u003ca href=\\\"https://www.apollopharmacy.in/contact-us\\\"\u003ehttps://www.apollopharmacy.in/contact-us\u003c/a\u003e\u003c/p\u003e\\n\u003cp\u003e\u003cbr\u003eCISA recommends users follow the \\nguidance in the Understanding Bluetooth Technology blog:\u0026nbsp;\u003cbr\u003e\u003ca href=\\\"https://www.cisa.gov/news-events/news/understanding-bluetooth-technology\\\"\u003ehttps://www.cisa.gov/news-events/news/understanding-bluetooth-technology\u003c/a\u003e\u003c/p\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.2\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An attacker within BLE communication range can passively intercept \\nwireless traffic and obtain sensitive health-related information, \\nincluding glucose measurement values.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An attacker within BLE communication range can passively intercept \\nwireless traffic and obtain sensitive health-related information, \\nincluding glucose measurement values.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-319\", \"description\": \"CWE-319\"}]}], \"providerMetadata\": {\"orgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"shortName\": \"icscert\", \"dateUpdated\": \"2026-06-18T23:47:13.970Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-50034\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-22T14:54:21.615Z\", \"dateReserved\": \"2026-06-10T21:21:12.237Z\", \"assignerOrgId\": \"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6\", \"datePublished\": \"2026-06-18T23:47:13.970Z\", \"assignerShortName\": \"icscert\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.