Vulnerability Details : CVE-2018-18561
An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute arbitrary commands on the operating system.
Products affected by CVE-2018-18561
- cpe:2.3:o:roche:accu-chek_inform_ii_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:roche:cobas_h_232_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:roche:coaguchek_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:roche:base_unit_hub_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-18561
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 8 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-18561
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.7
|
HIGH | AV:A/AC:L/Au:S/C:C/I:C/A:C |
5.1
|
10.0
|
NIST | |
8.0
|
HIGH | CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.1
|
5.9
|
NIST |
CWE ids for CVE-2018-18561
-
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-18561
-
https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01
Roche Diagnostics Point of Care Handheld Medical Devices (Update A) | CISAThird Party Advisory;US Government Resource
-
http://www.securityfocus.com/bid/105843
Multiple Roche Point of Care Handheld Medical Services Multiple Security VulnerabilitiesVDB Entry;Third Party Advisory
Jump to