CVE-2018-18564

Published: Nov 20, 2018 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2018-10284 Aliases: GSD-2018-18564

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,4

Source: [email protected]

Attack Vector: adjacent_network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Scope: changed

Confidentiality: none

Integrity: high

Availability: none

LOW 3,3

Source: [email protected]

Access Vector: adjacent_network

Access Complexity: low

Authentication: none

Confidentiality: none

Integrity: partial

Availability: none

Description

AI Translation Available

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). Improper access control allows attackers in the adjacent network to change the instrument configuration.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0015

Percentile

0,4th

Updated

EPSS Score Trend (Last 90 Days)

Operating System

Accu-Chek Inform Ii Firmware by Roche

Product Information

Vendor Roche

Product Accu-Chek Inform Ii Firmware

Version Range Affected

From 04.00.00 (inclusive)

To 04.03.00 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:roche:accu-chek_inform_ii_firmware:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Coaguchek Pro Ii Firmware by Roche

Product Information

Vendor Roche

Product Coaguchek Pro Ii Firmware

Version Range Affected

To 04.03.00 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:roche:coaguchek_pro_ii_firmware:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Cobas H 232 Firmware by Roche

Product Information

Vendor Roche

Product Cobas H 232 Firmware

Version Range Affected

To 04.00.04 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:roche:cobas_h_232_firmware:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Operating System

Accu-Chek Inform Ii Firmware by Roche

Product Information

Vendor Roche

Product Accu-Chek Inform Ii Firmware

Version Range Affected

To 03.06.00 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:o:roche:accu-chek_inform_ii_firmware:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01

Mitigation Third Party Advisory US Government Resource

https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01

http://www.securityfocus.com/bid/105843

Third Party Advisory VDB Entry

http://www.securityfocus.com/bid/105843

https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01

Mitigation Third Party Advisory US Government Resource

https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01

http://www.securityfocus.com/bid/105843

Third Party Advisory VDB Entry

http://www.securityfocus.com/bid/105843

CVE-2018-18564

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 90 Days)

Accu-Chek Inform Ii Firmware by Roche

Product Information

Coaguchek Pro Ii Firmware by Roche

Product Information

Cobas H 232 Firmware by Roche

Product Information

Accu-Chek Inform Ii Firmware by Roche

Product Information

Iscriviti alla newsletter