Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Adjacent BLE radio range gives AV:A; no auth, complexity, or user interaction needed; only availability of the single BLE slot is impacted, so C:N/I:N/A:H.
Primary rating from Vendor (icscert).
CVSS VectorVendor: icscert
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
An attacker within BLE communication range can monopolize the device's only available BLE connection slot, preventing legitimate users or applications from establishing a connection.
AnalysisAI
Denial-of-service in the Apollo Pharmacy Blood Glucose Monitoring System (model APG-01 BT) allows an attacker within Bluetooth Low Energy radio range to seize the device's single BLE connection slot, blocking the legitimate patient app or clinician from pairing and reading glucose measurements. The flaw is rooted in missing authorization (CWE-862) on connection acceptance and was disclosed through CISA's ICS Medical advisory ICSMA-26-169-01. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker's BLE radio to be within adjacent-network range of a powered-on APG-01 BT meter that is advertising or otherwise accepting an incoming central connection; no pairing key, prior authentication, user interaction, or non-default configuration is needed, which is consistent with AV:A/AC:L/AT:N/PR:N/UI:N. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:A/AC:L/AT:N/PR:N/UI:N) accurately reflects an adjacent-network, unauthenticated, low-complexity attack with availability-only impact (VA:H, VC:N, VI:N), yielding 7.1. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker in a clinic waiting room, pharmacy, or shared household (within roughly 10 metres) uses a standard smartphone or a Linux laptop with BlueZ to scan for the APG-01 BT advertisement and initiates a GATT connection to it, then simply holds the link open. While the slot is occupied the patient's official app cannot connect, so the glucose reading cannot be transferred - repeated denial during a hypo/hyperglycaemic episode could delay treatment. … |
| Remediation | No vendor-released patch identified at time of analysis from the provided references; the ICSMA-26-169-01 advisory (https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-169-01) should be consulted for any firmware update or mitigation guidance issued after publication, and end users should reach Apollo Pharmacy support (https://www.apollopharmacy.in/contact-us) for device-specific updates. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all APG-01 BT units deployed in clinical environments and notify clinical leadership and patient safety teams of the vulnerability. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-37970
GHSA-47r7-422p-6w2p