Sign-up

ID

VAR-201805-0252


CVE

CVE-2018-10593


TITLE

DB Manager and PerformA In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005345

DESCRIPTION

A vulnerability in DB Manager version 3.0.1.0 and previous and PerformA version 3.0.0.0 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in data corruption. DB Manager and PerformA In SQL An injection vulnerability exists.Information is falsified and denial of service (DoS) May be in a state. BD DB Manager and PerformA are products of BD (Bection, Dickinson and Commpany). BD DB Manager is a database manager. PerformA is a performance manager. Security vulnerabilities exist in BD DB Manager 3.0.1.0 and earlier and PerformA 3.0.0.0 and earlier. An attacker could exploit the vulnerability to issue SQL commands, causing data corruption

Trust: 2.34

sources: NVD: CVE-2018-10593 // JVNDB: JVNDB-2018-005345 // CNVD: CNVD-2018-10584 // IVD: e2f0bf0f-39ab-11e9-89cb-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f0bf0f-39ab-11e9-89cb-000c29342cb1 // CNVD: CNVD-2018-10584

AFFECTED PRODUCTS

vendor:bdmodel:database managerscope:eqversion:3.0.1.0

Trust: 1.6

vendor:bdmodel:readascope:lteversion:1.1.0.2

Trust: 1.0

vendor:bdmodel:performascope:lteversion:3.0.0.0

Trust: 1.0

vendor:becton dickinson and bdmodel:database managerscope: - version: -

Trust: 0.8

vendor:becton dickinson and bdmodel:performascope: - version: -

Trust: 0.8

vendor:becton dickinson and bdmodel:readascope: - version: -

Trust: 0.8

vendor:becton dickinson andmodel:db managerscope:lteversion:<=3.0.1.0

Trust: 0.6

vendor:becton dickinson andmodel:performascope:lteversion:<=3.0.0.0

Trust: 0.6

vendor:bdmodel:readascope:eqversion:1.1.0.2

Trust: 0.6

vendor:bdmodel:performascope:eqversion:3.0.0.0

Trust: 0.6

vendor:database managermodel: - scope:eqversion:3.0.1.0

Trust: 0.2

vendor:performamodel: - scope:eqversion:*

Trust: 0.2

vendor:readamodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2f0bf0f-39ab-11e9-89cb-000c29342cb1 // CNVD: CNVD-2018-10584 // JVNDB: JVNDB-2018-005345 // CNNVD: CNNVD-201805-819 // NVD: CVE-2018-10593

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10593
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-10593
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-10584
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201805-819
value: MEDIUM

Trust: 0.6

IVD: e2f0bf0f-39ab-11e9-89cb-000c29342cb1
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2018-10593
severity: LOW
baseScore: 3.8
vectorString: AV:A/AC:M/AU:S/C:N/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.4
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-10584
severity: MEDIUM
baseScore: 6.2
vectorString: AV:A/AC:H/AU:N/C:N/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f0bf0f-39ab-11e9-89cb-000c29342cb1
severity: MEDIUM
baseScore: 6.2
vectorString: AV:A/AC:H/AU:N/C:N/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-10593
baseSeverity: MEDIUM
baseScore: 5.6
vectorString: CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.4
impactScore: 5.2
version: 3.0

Trust: 1.8

sources: IVD: e2f0bf0f-39ab-11e9-89cb-000c29342cb1 // CNVD: CNVD-2018-10584 // JVNDB: JVNDB-2018-005345 // CNNVD: CNNVD-201805-819 // NVD: CVE-2018-10593

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.8

problemtype:CWE-356

Trust: 1.0

sources: JVNDB: JVNDB-2018-005345 // NVD: CVE-2018-10593

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201805-819

TYPE

SQL injection

Trust: 0.8

sources: IVD: e2f0bf0f-39ab-11e9-89cb-000c29342cb1 // CNNVD: CNNVD-201805-819

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005345

PATCH
title:Product security bulletin for BD Kiestra TLA, BD Kiestra WCA, BD InoqulAurl:https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-005345

EXTERNAL IDS
db:NVDid:CVE-2018-10593
Trust: 3.2
db:ICS CERTid:ICSMA-18-142-01
Trust: 3.0
db:CNVDid:CNVD-2018-10584
Trust: 0.8
db:CNNVDid:CNNVD-201805-819
Trust: 0.8
db:JVNDBid:JVNDB-2018-005345
Trust: 0.8
db:IVDid:E2F0BF0F-39AB-11E9-89CB-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2f0bf0f-39ab-11e9-89cb-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-10584 // 
            
            
            
            JVNDB: JVNDB-2018-005345 // 
            
            
            
            CNNVD: CNNVD-201805-819 // 
            
            
            
            NVD: CVE-2018-10593

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsma-18-142-01
Trust: 3.0
url:https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10593
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-10593
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-10584 // 
            
            
            
            JVNDB: JVNDB-2018-005345 // 
            
            
            
            CNNVD: CNNVD-201805-819 // 
            
            
            
            NVD: CVE-2018-10593

SOURCES
db:IVDid:e2f0bf0f-39ab-11e9-89cb-000c29342cb1
db:CNVDid:CNVD-2018-10584
db:JVNDBid:JVNDB-2018-005345
db:CNNVDid:CNNVD-201805-819
db:NVDid:CVE-2018-10593

LAST UPDATE DATE
2024-11-23T22:17:30.901000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-10584date:2018-05-30T00:00:00
db:JVNDBid:JVNDB-2018-005345date:2018-07-12T00:00:00
db:CNNVDid:CNNVD-201805-819date:2019-10-17T00:00:00
db:NVDid:CVE-2018-10593date:2024-11-21T03:41:37.477

SOURCES RELEASE DATE
db:IVDid:e2f0bf0f-39ab-11e9-89cb-000c29342cb1date:2018-05-30T00:00:00
db:CNVDid:CNVD-2018-10584date:2018-05-30T00:00:00
db:JVNDBid:JVNDB-2018-005345date:2018-07-12T00:00:00
db:CNNVDid:CNNVD-201805-819date:2018-05-25T00:00:00
db:NVDid:CVE-2018-10593date:2018-05-24T16:29:00.223