7.8

CVE-2018-19012

EPSS 0.07%
Veröffentlicht 28.01.2019 21:29:00
Zuletzt bearbeitet 21.11.2024 03:57:09
Quelle ics-cert@hq.dhs.gov
CVE-Watchlists
Login
Unerledigt
Login

Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Draeger ≫ Kappa Firmware

Draeger ≫ Kappa Version-

Draeger ≫ Infinity Explorer C700 Firmware

Draeger ≫ Infinity Explorer C700 Version-

Draeger ≫ Delta Xl Firmware

Draeger ≫ Delta Xl Version-

Draeger ≫ Infinity Delta Firmware

Draeger ≫ Infinity Delta Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.176

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://www.securityfocus.com/bid/106683

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2018-19012

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-19012

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-19012

EUVD