7.8
CVE-2018-8867
- EPSS 2.07%
- Published 18.05.2018 20:29:00
- Last modified 21.11.2024 04:14:29
- Source ics-cert@hq.dhs.gov
- Teams watchlist Login
- Open Login
In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.
Data is provided by the National Vulnerability Database (NVD)
Ge ≫ Pacsystems Rx3i Cpe305 Firmware Version <= 9.20
Ge ≫ Pacsystems Rx3i Cpe310 Firmware Version <= 9.20
Ge ≫ Rx3i Cpe330 Firmware Version <= 9.21
Ge ≫ Rx3i Cpe 400 Firmware Version <= 9.30
Ge ≫ Pacsystems Rsti-ep Cpe 100 Firmware Version-
Ge ≫ Pacsystems Cpu320 Firmware Version-
Ge ≫ Pacsystems Cru320 Firmware Version-
Ge ≫ Pacsystems Rxi Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.07% | 0.829 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 7.8 | 10 | 6.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.