Details of VAR-201805-1151

ID

VAR-201805-1151

CVE

CVE-2018-7526

TITLE

BeaconMedaes Scroll Medical Air Systems TotalAlert Web Application Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: e2f049df-39ab-11e9-b0d9-000c29342cb1 // CNVD: CNVD-2018-10606

DESCRIPTION

In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating. BeaconMedaes Scroll Medical Air Systems Contains an access control vulnerability.Information may be obtained. The TotalAlert Web Application is one of the web-based hypervisors

Trust: 2.43

sources: NVD: CVE-2018-7526 // JVNDB: JVNDB-2018-005390 // CNVD: CNVD-2018-10606 // IVD: e2f049df-39ab-11e9-b0d9-000c29342cb1 // VULMON: CVE-2018-7526

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2f049df-39ab-11e9-b0d9-000c29342cb1 // CNVD: CNVD-2018-10606

AFFECTED PRODUCTS

vendor:	beaconmedaes	model:	scroll medical air systems	scope:	lt	version:	4107600010.23	Trust: 2.4
vendor:	scroll medical air	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2f049df-39ab-11e9-b0d9-000c29342cb1 // CNVD: CNVD-2018-10606 // JVNDB: JVNDB-2018-005390 // NVD: CVE-2018-7526

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7526
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-7526
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-10606
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201805-807
value:	HIGH
Trust: 0.6
IVD:	e2f049df-39ab-11e9-b0d9-000c29342cb1
value:	HIGH
Trust: 0.2
VULMON:	CVE-2018-7526
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-7526
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2018-10606
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f049df-39ab-11e9-b0d9-000c29342cb1
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-7526
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: e2f049df-39ab-11e9-b0d9-000c29342cb1 // CNVD: CNVD-2018-10606 // VULMON: CVE-2018-7526 // JVNDB: JVNDB-2018-005390 // CNNVD: CNNVD-201805-807 // NVD: CVE-2018-7526

PROBLEMTYPE DATA

problemtype:	CWE-425	Trust: 1.0
problemtype:	CWE-284	Trust: 0.8

sources: JVNDB: JVNDB-2018-005390 // NVD: CVE-2018-7526

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-807

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201805-807

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005390

PATCH

title:	Scroll Medical Air Systems	url:	http://www.beaconmedaes.com/index.php?option=com_air&view=scroll&Itemid=117	Trust: 0.8
title:	BeaconMedaes Scroll Medical Air Systems TotalAlert Web Application Information Disclosure Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/130625	Trust: 0.6
title:	BeaconMedaes Scroll Medical Air Systems TotalAlert Web Application Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83689	Trust: 0.6

sources: CNVD: CNVD-2018-10606 // JVNDB: JVNDB-2018-005390 // CNNVD: CNNVD-201805-807

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7526	Trust: 3.3
db:	ICS CERT	id:	ICSMA-18-144-01	Trust: 3.1
db:	CNVD	id:	CNVD-2018-10606	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-807	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-005390	Trust: 0.8
db:	IVD	id:	E2F049DF-39AB-11E9-B0D9-000C29342CB1	Trust: 0.2
db:	VULMON	id:	CVE-2018-7526	Trust: 0.1

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsma-18-144-01	Trust: 3.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7526	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7526	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/425.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/143757	Trust: 0.1

sources: CNVD: CNVD-2018-10606 // VULMON: CVE-2018-7526 // JVNDB: JVNDB-2018-005390 // CNNVD: CNNVD-201805-807 // NVD: CVE-2018-7526

SOURCES

db:	IVD	id:	e2f049df-39ab-11e9-b0d9-000c29342cb1
db:	CNVD	id:	CNVD-2018-10606
db:	VULMON	id:	CVE-2018-7526
db:	JVNDB	id:	JVNDB-2018-005390
db:	CNNVD	id:	CNNVD-201805-807
db:	NVD	id:	CVE-2018-7526

LAST UPDATE DATE

2024-11-23T22:41:50.495000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-10606	date:	2018-05-30T00:00:00
db:	VULMON	id:	CVE-2018-7526	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-005390	date:	2018-07-13T00:00:00
db:	CNNVD	id:	CNNVD-201805-807	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2018-7526	date:	2024-11-21T04:12:17.973

SOURCES RELEASE DATE

db:	IVD	id:	e2f049df-39ab-11e9-b0d9-000c29342cb1	date:	2018-05-30T00:00:00
db:	CNVD	id:	CNVD-2018-10606	date:	2018-05-30T00:00:00
db:	VULMON	id:	CVE-2018-7526	date:	2018-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-005390	date:	2018-07-13T00:00:00
db:	CNNVD	id:	CNNVD-201805-807	date:	2018-05-25T00:00:00
db:	NVD	id:	CVE-2018-7526	date:	2018-05-24T20:29:00.493