Details of VAR-201805-1149

ID

VAR-201805-1149

CVE

CVE-2018-7518

TITLE

BeaconMedaes Scroll Medical Air Systems Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-005389

DESCRIPTION

In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner. BeaconMedaes Scroll Medical Air Systems Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BeaconMedaes Scroll Medical Air Systems is a medical surgical air system from BeaconMedaes, USA. The TotalAlert Web Application is one of the web-based hypervisors. An attacker could exploit this vulnerability to retrieve default or user-defined credentials that were not stored and delivered securely

Trust: 2.34

sources: NVD: CVE-2018-7518 // JVNDB: JVNDB-2018-005389 // CNVD: CNVD-2018-10605 // IVD: e2f049de-39ab-11e9-b6a9-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2f049de-39ab-11e9-b6a9-000c29342cb1 // CNVD: CNVD-2018-10605

AFFECTED PRODUCTS

vendor:	beaconmedaes	model:	scroll medical air systems	scope:	lt	version:	4107600010.23	Trust: 2.4
vendor:	scroll medical air	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2f049de-39ab-11e9-b6a9-000c29342cb1 // CNVD: CNVD-2018-10605 // JVNDB: JVNDB-2018-005389 // NVD: CVE-2018-7518

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7518
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-7518
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-10605
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201805-808
value:	CRITICAL
Trust: 0.6
IVD:	e2f049de-39ab-11e9-b6a9-000c29342cb1
value:	CRITICAL
Trust: 0.2

nvd@nist.gov:	CVE-2018-7518
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-10605
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f049de-39ab-11e9-b6a9-000c29342cb1
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-7518
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2f049de-39ab-11e9-b6a9-000c29342cb1 // CNVD: CNVD-2018-10605 // JVNDB: JVNDB-2018-005389 // CNNVD: CNNVD-201805-808 // NVD: CVE-2018-7518

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	CWE-255	Trust: 0.8

sources: JVNDB: JVNDB-2018-005389 // NVD: CVE-2018-7518

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-808

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201805-808

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005389

PATCH

title:	Scroll Medical Air Systems	url:	http://www.beaconmedaes.com/index.php?option=com_air&view=scroll&Itemid=117	Trust: 0.8
title:	Patch for BeaconMedaes Scroll Medical Air Systems TotalAlert Web Application Information Disclosure Vulnerability (CNVD-2018-10605)	url:	https://www.cnvd.org.cn/patchInfo/show/130627	Trust: 0.6
title:	BeaconMedaes Scroll Medical Air Systems TotalAlert Web Application Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83690	Trust: 0.6

sources: CNVD: CNVD-2018-10605 // JVNDB: JVNDB-2018-005389 // CNNVD: CNNVD-201805-808

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7518	Trust: 3.2
db:	ICS CERT	id:	ICSMA-18-144-01	Trust: 3.0
db:	CNVD	id:	CNVD-2018-10605	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-808	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-005389	Trust: 0.8
db:	IVD	id:	E2F049DE-39AB-11E9-B6A9-000C29342CB1	Trust: 0.2

sources: IVD: e2f049de-39ab-11e9-b6a9-000c29342cb1 // CNVD: CNVD-2018-10605 // JVNDB: JVNDB-2018-005389 // CNNVD: CNNVD-201805-808 // NVD: CVE-2018-7518

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsma-18-144-01	Trust: 3.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7518	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7518	Trust: 0.8

sources: CNVD: CNVD-2018-10605 // JVNDB: JVNDB-2018-005389 // CNNVD: CNNVD-201805-808 // NVD: CVE-2018-7518

SOURCES

db:	IVD	id:	e2f049de-39ab-11e9-b6a9-000c29342cb1
db:	CNVD	id:	CNVD-2018-10605
db:	JVNDB	id:	JVNDB-2018-005389
db:	CNNVD	id:	CNNVD-201805-808
db:	NVD	id:	CVE-2018-7518

LAST UPDATE DATE

2024-11-23T22:41:50.463000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-10605	date:	2018-05-30T00:00:00
db:	JVNDB	id:	JVNDB-2018-005389	date:	2018-07-13T00:00:00
db:	CNNVD	id:	CNNVD-201805-808	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-7518	date:	2024-11-21T04:12:17.050

SOURCES RELEASE DATE

db:	IVD	id:	e2f049de-39ab-11e9-b6a9-000c29342cb1	date:	2018-05-30T00:00:00
db:	CNVD	id:	CNVD-2018-10605	date:	2018-05-30T00:00:00
db:	JVNDB	id:	JVNDB-2018-005389	date:	2018-07-13T00:00:00
db:	CNNVD	id:	CNNVD-201805-808	date:	2018-05-25T00:00:00
db:	NVD	id:	CVE-2018-7518	date:	2018-05-24T20:29:00.447