ICU Scandinavia Boomerang Missing Authentication Vulnerability in Device Receiver Endpoints

Vulnerability

A missing authentication vulnerability has been identified in ICU Scandinavia Boomerang, affecting all versions prior to 2.4.18.029. The flaw resides in the device receiver endpoints, where the absence of authentication allows unauthenticated remote attackers to access full facility configurations and write unauthorized data to the sensor database.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive facility configuration data and the ability to inject unauthorized information into the sensor database.

Remediation

Users can upgrade to version 2.4.18.029 or later to address this vulnerability.

Added: Jul 15, 2026, 1:34 PM
Updated: Jul 15, 2026, 1:34 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
3.1
exploitability
7.4
remediation
0.0
relevance
9.8
threat
0.0
urgency
2.9
incentive
4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.