Vulnerability-Lookup

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

Full-Text Search

Vendor

Product

Assigner

Sources

Sort by

Order

Apply ordering (override relevance)

CVE-2016-5686 (GCVE-0-2016-5686)

Vulnerability from nvd – Published: 2016-10-05 10:00 – Updated: 2024-08-06 01:07

Summary

Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

certcc

References

URL

Tags

	https://community.rapid7.com/community/infosec/bl…	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/BLUU-A9SQRS	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/884840	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/93351	vdb-entryx_refsource_BID

Date Public ?

2016-10-04 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:07:59.884Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
          },
          {
            "name": "VU#884840",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/884840"
          },
          {
            "name": "93351",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93351"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Johnson \u0026 Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
        },
        {
          "name": "VU#884840",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/884840"
        },
        {
          "name": "93351",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93351"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-5686",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Johnson \u0026 Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump",
              "refsource": "MISC",
              "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS",
              "refsource": "MISC",
              "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
            },
            {
              "name": "VU#884840",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/884840"
            },
            {
              "name": "93351",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93351"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-5686",
    "datePublished": "2016-10-05T10:00:00.000Z",
    "dateReserved": "2016-06-16T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:07:59.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5086 (GCVE-0-2016-5086)

Vulnerability from nvd – Published: 2016-10-05 10:00 – Updated: 2024-08-06 00:53

Summary

Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

certcc

References

URL

Tags

	https://community.rapid7.com/community/infosec/bl…	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/BLUU-A9SQRS	x_refsource_MISC
	https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/884840	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/93351	vdb-entryx_refsource_BID

Date Public ?

2016-10-04 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:53:47.099Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
          },
          {
            "name": "VU#884840",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/884840"
          },
          {
            "name": "93351",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93351"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Johnson \u0026 Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-22T21:57:01.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
        },
        {
          "name": "VU#884840",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/884840"
        },
        {
          "name": "93351",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93351"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-5086",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Johnson \u0026 Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump",
              "refsource": "MISC",
              "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS",
              "refsource": "MISC",
              "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
            },
            {
              "name": "VU#884840",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/884840"
            },
            {
              "name": "93351",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93351"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-5086",
    "datePublished": "2016-10-05T10:00:00.000Z",
    "dateReserved": "2016-05-26T00:00:00.000Z",
    "dateUpdated": "2024-08-06T00:53:47.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5085 (GCVE-0-2016-5085)

Vulnerability from nvd – Published: 2016-10-05 10:00 – Updated: 2024-08-06 00:53

Summary

Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

certcc

References

URL

Tags

	https://community.rapid7.com/community/infosec/bl…	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/BLUU-A9SQRS	x_refsource_MISC
	https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/884840	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/93351	vdb-entryx_refsource_BID

Date Public ?

2016-10-04 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:53:47.380Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
          },
          {
            "name": "VU#884840",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/884840"
          },
          {
            "name": "93351",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93351"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Johnson \u0026 Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-22T21:57:01.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
        },
        {
          "name": "VU#884840",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/884840"
        },
        {
          "name": "93351",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93351"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-5085",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Johnson \u0026 Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump",
              "refsource": "MISC",
              "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS",
              "refsource": "MISC",
              "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
            },
            {
              "name": "VU#884840",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/884840"
            },
            {
              "name": "93351",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93351"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-5085",
    "datePublished": "2016-10-05T10:00:00.000Z",
    "dateReserved": "2016-05-26T00:00:00.000Z",
    "dateUpdated": "2024-08-06T00:53:47.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5084 (GCVE-0-2016-5084)

Vulnerability from nvd – Published: 2016-10-05 10:00 – Updated: 2024-08-06 00:53

Summary

Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

certcc

References

URL

Tags

	https://community.rapid7.com/community/infosec/bl…	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/BLUU-A9SQRS	x_refsource_MISC
	https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/884840	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/93351	vdb-entryx_refsource_BID

Date Public ?

2016-10-04 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:53:47.094Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
          },
          {
            "name": "VU#884840",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/884840"
          },
          {
            "name": "93351",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93351"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Johnson \u0026 Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-22T21:57:01.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
        },
        {
          "name": "VU#884840",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/884840"
        },
        {
          "name": "93351",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93351"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-5084",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Johnson \u0026 Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump",
              "refsource": "MISC",
              "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS",
              "refsource": "MISC",
              "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
            },
            {
              "name": "VU#884840",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/884840"
            },
            {
              "name": "93351",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93351"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-5084",
    "datePublished": "2016-10-05T10:00:00.000Z",
    "dateReserved": "2016-05-26T00:00:00.000Z",
    "dateUpdated": "2024-08-06T00:53:47.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5084 (GCVE-0-2016-5084)

Vulnerability from cvelistv5 – Published: 2016-10-05 10:00 – Updated: 2024-08-06 00:53

Summary

Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

certcc

References

URL

Tags

	https://community.rapid7.com/community/infosec/bl…	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/BLUU-A9SQRS	x_refsource_MISC
	https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/884840	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/93351	vdb-entryx_refsource_BID

Date Public ?

2016-10-04 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:53:47.094Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
          },
          {
            "name": "VU#884840",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/884840"
          },
          {
            "name": "93351",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93351"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Johnson \u0026 Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-22T21:57:01.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
        },
        {
          "name": "VU#884840",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/884840"
        },
        {
          "name": "93351",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93351"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-5084",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Johnson \u0026 Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might allow remote attackers to obtain sensitive information by sniffing the network."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump",
              "refsource": "MISC",
              "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS",
              "refsource": "MISC",
              "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
            },
            {
              "name": "VU#884840",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/884840"
            },
            {
              "name": "93351",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93351"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-5084",
    "datePublished": "2016-10-05T10:00:00.000Z",
    "dateReserved": "2016-05-26T00:00:00.000Z",
    "dateUpdated": "2024-08-06T00:53:47.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5086 (GCVE-0-2016-5086)

Vulnerability from cvelistv5 – Published: 2016-10-05 10:00 – Updated: 2024-08-06 00:53

Summary

Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

certcc

References

URL

Tags

	https://community.rapid7.com/community/infosec/bl…	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/BLUU-A9SQRS	x_refsource_MISC
	https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/884840	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/93351	vdb-entryx_refsource_BID

Date Public ?

2016-10-04 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:53:47.099Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
          },
          {
            "name": "VU#884840",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/884840"
          },
          {
            "name": "93351",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93351"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Johnson \u0026 Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-22T21:57:01.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
        },
        {
          "name": "VU#884840",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/884840"
        },
        {
          "name": "93351",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93351"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-5086",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Johnson \u0026 Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via replay attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump",
              "refsource": "MISC",
              "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS",
              "refsource": "MISC",
              "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
            },
            {
              "name": "VU#884840",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/884840"
            },
            {
              "name": "93351",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93351"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-5086",
    "datePublished": "2016-10-05T10:00:00.000Z",
    "dateReserved": "2016-05-26T00:00:00.000Z",
    "dateUpdated": "2024-08-06T00:53:47.099Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5686 (GCVE-0-2016-5686)

Vulnerability from cvelistv5 – Published: 2016-10-05 10:00 – Updated: 2024-08-06 01:07

Summary

Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

certcc

References

URL

Tags

	https://community.rapid7.com/community/infosec/bl…	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/BLUU-A9SQRS	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/884840	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/93351	vdb-entryx_refsource_BID

Date Public ?

2016-10-04 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T01:07:59.884Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
          },
          {
            "name": "VU#884840",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/884840"
          },
          {
            "name": "93351",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93351"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Johnson \u0026 Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
        },
        {
          "name": "VU#884840",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/884840"
        },
        {
          "name": "93351",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93351"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-5686",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Johnson \u0026 Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for remote attackers to bypass authentication via a custom communication protocol."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump",
              "refsource": "MISC",
              "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS",
              "refsource": "MISC",
              "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
            },
            {
              "name": "VU#884840",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/884840"
            },
            {
              "name": "93351",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93351"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-5686",
    "datePublished": "2016-10-05T10:00:00.000Z",
    "dateReserved": "2016-06-16T00:00:00.000Z",
    "dateUpdated": "2024-08-06T01:07:59.884Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-5085 (GCVE-0-2016-5085)

Vulnerability from cvelistv5 – Published: 2016-10-05 10:00 – Updated: 2024-08-06 00:53

Summary

Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

certcc

References

URL

Tags

	https://community.rapid7.com/community/infosec/bl…	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/BLUU-A9SQRS	x_refsource_MISC
	https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01	x_refsource_MISC
	http://www.kb.cert.org/vuls/id/884840	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/bid/93351	vdb-entryx_refsource_BID

Date Public ?

2016-10-04 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:53:47.380Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
          },
          {
            "name": "VU#884840",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/884840"
          },
          {
            "name": "93351",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93351"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-10-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Johnson \u0026 Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-22T21:57:01.000Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
        },
        {
          "name": "VU#884840",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/884840"
        },
        {
          "name": "93351",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93351"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2016-5085",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Johnson \u0026 Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes it easier for remote attackers to spoof meters by sniffing the network and then engaging in an authentication handshake."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump",
              "refsource": "MISC",
              "url": "https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump"
            },
            {
              "name": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS",
              "refsource": "MISC",
              "url": "http://www.kb.cert.org/vuls/id/BLUU-A9SQRS"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-16-279-01"
            },
            {
              "name": "VU#884840",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/884840"
            },
            {
              "name": "93351",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93351"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2016-5085",
    "datePublished": "2016-10-05T10:00:00.000Z",
    "dateReserved": "2016-05-26T00:00:00.000Z",
    "dateUpdated": "2024-08-06T00:53:47.380Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria ⓘ Use this form to refine search results. Full-text search supports keyword queries with ranking and filtering. You can combine vendor, product, and sources to narrow results. Enable “Apply ordering” to sort by date instead of relevance.

8 vulnerabilities found for onetouch_ping_firmware by animas

CVE-2016-5686 (GCVE-0-2016-5686)

CVE-2016-5086 (GCVE-0-2016-5086)

CVE-2016-5085 (GCVE-0-2016-5085)

CVE-2016-5084 (GCVE-0-2016-5084)

CVE-2016-5084 (GCVE-0-2016-5084)

CVE-2016-5086 (GCVE-0-2016-5086)

CVE-2016-5686 (GCVE-0-2016-5686)

CVE-2016-5085 (GCVE-0-2016-5085)

Search criteria ⓘ Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.