6.8

CVE-2018-18565

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial number below KQ0400000 or KS0400000), and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). A vulnerability in the software update mechanism allows authenticated attackers in the adjacent network to overwrite arbitrary files on the system through a crafted update package.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RocheAccu-chek Inform Ii Firmware Version < 03.06.00
   RocheAccu-chek Inform Ii Version-
RocheAccu-chek Inform Ii Firmware Version >= 04.00.00 < 04.03.00
   RocheAccu-chek Inform Ii Version-
RocheCobas H 232 Firmware Version < 03.01.03
   RocheCobas H 232 Version-
RocheCobas H 232 Firmware Version >= 04.00.00 < 04.00.04
   RocheCobas H 232 Version-
RocheCoaguchek Pro Ii Firmware Version < 04.03.00
   RocheCoaguchek Pro Ii Version-
RocheCoaguchek Xs Plus Firmware Version < 03.01.06
   RocheCoaguchek Xs Plus Version-
RocheCoaguchek Xs Pro Firmware Version < 03.01.06
   RocheCoaguchek Xs Pro Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.19% 0.376
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 2.3 4
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
nvd@nist.gov 4.1 5.1 4.9
AV:A/AC:L/Au:S/C:N/I:P/A:P
CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

http://www.securityfocus.com/bid/105843
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01
Third Party Advisory
US Government Resource
Mitigation