Sign-up

ID

VAR-201805-0253


CVE

CVE-2018-10595


TITLE

ReadA In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005346

DESCRIPTION

A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data. ReadA Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BD ReadA is a browser software used by BD (Bection, Dickinson and Commpany) in the United States. There are security vulnerabilities in BD ReadA 1.1.0.2 and earlier

Trust: 2.34

sources: NVD: CVE-2018-10595 // JVNDB: JVNDB-2018-005346 // CNVD: CNVD-2018-10583 // IVD: e2f070f1-39ab-11e9-a5a2-000c29342cb1

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2f070f1-39ab-11e9-a5a2-000c29342cb1 // CNVD: CNVD-2018-10583

AFFECTED PRODUCTS

vendor:bdmodel:database managerscope:eqversion:3.0.1.0

Trust: 1.6

vendor:bdmodel:readascope:lteversion:1.1.0.2

Trust: 1.0

vendor:bdmodel:performascope:lteversion:3.0.0.0

Trust: 1.0

vendor:becton dickinson and bdmodel:database managerscope: - version: -

Trust: 0.8

vendor:becton dickinson and bdmodel:performascope: - version: -

Trust: 0.8

vendor:becton dickinson and bdmodel:readascope: - version: -

Trust: 0.8

vendor:becton dickinson andmodel:readascope:lteversion:<=1.1.0.2

Trust: 0.6

vendor:bdmodel:readascope:eqversion:1.1.0.2

Trust: 0.6

vendor:bdmodel:performascope:eqversion:3.0.0.0

Trust: 0.6

vendor:database managermodel: - scope:eqversion:3.0.1.0

Trust: 0.2

vendor:performamodel: - scope:eqversion:*

Trust: 0.2

vendor:readamodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2f070f1-39ab-11e9-a5a2-000c29342cb1 // CNVD: CNVD-2018-10583 // JVNDB: JVNDB-2018-005346 // CNNVD: CNNVD-201805-818 // NVD: CVE-2018-10595

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10595
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-10595
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-10583
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201805-818
value: MEDIUM

Trust: 0.6

IVD: e2f070f1-39ab-11e9-a5a2-000c29342cb1
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2018-10595
severity: MEDIUM
baseScore: 4.9
vectorString: AV:A/AC:M/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-10583
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f070f1-39ab-11e9-a5a2-000c29342cb1
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:H/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.2
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-10595
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.4
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2f070f1-39ab-11e9-a5a2-000c29342cb1 // CNVD: CNVD-2018-10583 // JVNDB: JVNDB-2018-005346 // CNNVD: CNNVD-201805-818 // NVD: CVE-2018-10595

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.8

problemtype:CWE-356

Trust: 1.0

sources: JVNDB: JVNDB-2018-005346 // NVD: CVE-2018-10595

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201805-818

TYPE

SQL injection

Trust: 0.8

sources: IVD: e2f070f1-39ab-11e9-a5a2-000c29342cb1 // CNNVD: CNNVD-201805-818

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005346

PATCH
title:Product security bulletin for BD Kiestra TLA, BD Kiestra WCA, BD InoqulAurl:https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-005346

EXTERNAL IDS
db:NVDid:CVE-2018-10595
Trust: 3.2
db:ICS CERTid:ICSMA-18-142-01
Trust: 3.0
db:CNVDid:CNVD-2018-10583
Trust: 0.8
db:CNNVDid:CNNVD-201805-818
Trust: 0.8
db:JVNDBid:JVNDB-2018-005346
Trust: 0.8
db:IVDid:E2F070F1-39AB-11E9-A5A2-000C29342CB1
Trust: 0.2
sources:
            
            
            IVD: e2f070f1-39ab-11e9-a5a2-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-10583 // 
            
            
            
            JVNDB: JVNDB-2018-005346 // 
            
            
            
            CNNVD: CNNVD-201805-818 // 
            
            
            
            NVD: CVE-2018-10595

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsma-18-142-01
Trust: 3.0
url:https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-bd-kiestra-tla-bd-kiestra-wca-bd-inoqula
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10595
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-10595
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-10583 // 
            
            
            
            JVNDB: JVNDB-2018-005346 // 
            
            
            
            CNNVD: CNNVD-201805-818 // 
            
            
            
            NVD: CVE-2018-10595

SOURCES
db:IVDid:e2f070f1-39ab-11e9-a5a2-000c29342cb1
db:CNVDid:CNVD-2018-10583
db:JVNDBid:JVNDB-2018-005346
db:CNNVDid:CNNVD-201805-818
db:NVDid:CVE-2018-10595

LAST UPDATE DATE
2024-11-23T22:17:30.871000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-10583date:2018-05-30T00:00:00
db:JVNDBid:JVNDB-2018-005346date:2018-07-12T00:00:00
db:CNNVDid:CNNVD-201805-818date:2019-10-17T00:00:00
db:NVDid:CVE-2018-10595date:2024-11-21T03:41:37.727

SOURCES RELEASE DATE
db:IVDid:e2f070f1-39ab-11e9-a5a2-000c29342cb1date:2018-05-30T00:00:00
db:CNVDid:CNVD-2018-10583date:2018-05-30T00:00:00
db:JVNDBid:JVNDB-2018-005346date:2018-07-12T00:00:00
db:CNNVDid:CNNVD-201805-818date:2018-05-25T00:00:00
db:NVDid:CVE-2018-10595date:2018-05-24T16:29:00.270