BPL Medical Technologies PWS-01-BT and BPL Be Well Android Application


1. EXECUTIVE SUMMARY

  • CVSS v4 5.1
  • ATTENTION: Low attack complexity/public exploits are available
  • Vendor: BPL Medical Technologies
  • Equipment: PWS-01-BT, Be Well Android App
  • Vulnerability: Cleartext Transmission of Sensitive Information

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an attacker to intercept and modify information as it is being processed.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following BPL Medical Technologies products are affected:

  • Be Well Android Application: Versions 3.64 and prior
  • PWS-01-BT: All versions

3.2 Vulnerability Overview

3.2.1 Cleartext Transmission of Sensitive Information CWE-319

BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. (The packet data also lacks authentication and integrity protection.)

CVE-2024-34463 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.6 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).

A CVSS v4 score has also been calculated for CVE-2024-34463. A base score of 5.1 has been calculated; the CVSS vector string is (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N).
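
To illustrate the parenthetical in 3.2.1 (packet data without authentication or integrity protection), the following added example, which is not part of the advisory or the vendor's code, shows a receiver that rejects modified and replayed measurement frames while an unauthenticated parser accepts them. The frame layout, key and function names are constructed for illustration and are not the PWS-01-BT packet format; confidentiality would additionally require encryption, which this example does not cover.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16   # truncated HMAC-SHA256 tag (assumption for this example)
BODY_LEN = 8   # constructed layout: 4-byte counter | 4-byte weight in grams


def build_frame(key: bytes, counter: int, weight_grams: int) -> bytes:
    """Sender side: body followed by a MAC computed over the body."""
    body = struct.pack(">II", counter, weight_grams)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def parse_unauthenticated(frame: bytes) -> int:
    """What a receiver can do when no tag exists: trust the bytes."""
    return struct.unpack(">II", frame[:BODY_LEN])[1]


class Receiver:
    """Verifies the tag, then enforces a strictly increasing counter."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, frame: bytes) -> int:
        if len(frame) != BODY_LEN + TAG_LEN:
            raise ValueError("bad length")
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            raise ValueError("bad tag")
        counter, weight = struct.unpack(">II", body)
        if counter <= self.last_counter:             # old frame sent again
            raise ValueError("replayed counter")
        self.last_counter = counter
        return weight


def classify(receiver: Receiver, frame: bytes) -> str:
    """Return 'ok:<grams>' or 'rejected:<reason>' for one frame."""
    try:
        return f"ok:{receiver.accept(frame)}"
    except ValueError as exc:
        return f"rejected:{exc}"
```

The shared key is assumed to be provisioned during pairing; how that happens is outside this example.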

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Healthcare and Public Health Sector
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPAN

    […]

    This article has been indexed from All CISA Advisories
