Services

IoT Security Testing Red Team Assessment Product Security AI/ML Security Audit Web Security Testing

Mobile Security Testing DevSecOps Consulting Code Review Cloud Security Critical Infrastructure

Products

EXPLIoT

EXPLIoT is framework for IoT security testing
and exploitation.

CloudFuzz

CloudFuzz is platform that lets you code for bugs
by running your software with millions of test cases.

Who we are

About Us Payatu Bandits

Resources

Blogs MasterClass Series Case Studies E-Books New Advisory Media

Tools

securecode.wiki New

Pune Location Europe Location

Technical
Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

Lack of Medical data encryption and integrity in Niscomed Multipara Patient Monitor

Vulnerability

Lack of User’s Medical data encryption and integrity

Vulnerability Description

An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory stores data in cleartext, without integrity protection against tampering. This data can be accessed using CVE-2020-15482/CVE-2020-15483 and tamper with the user’s medical data.

CVE-ID

CVE-2020-15484

Vendor

Nescomed

Product

M1000 Multipara Patient monitor

Disclosure Timeline

22 June 2020 reported to the vendor

22 July 2020 No response from the vendor and Public disclosure.

Credit

Arun Magesh

Technical Advisory