Details of VAR-201806-1790

ID

VAR-201806-1790

CVE

CVE-2018-7510

TITLE

BeaconMedaes TotalAlert Scroll Medical Air Systems Information Disclosure Vulnerability

Trust: 0.8

sources: IVD: e2f5c81f-39ab-11e9-b1a5-000c29342cb1 // CNVD: CNVD-2018-12135

DESCRIPTION

In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without authentication. BeaconMedaes TotalAlert Scroll Medical Air Systems Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BeaconMedaes TotalAlert Scroll Medical Air Systems is a medical surgical air system from BeaconMedaes, USA. Web application is one of the web-based management programs. An attacker could exploit the vulnerability to gain unauthorized access to sensitive information

Trust: 2.34

sources: NVD: CVE-2018-7510 // JVNDB: JVNDB-2018-006321 // CNVD: CNVD-2018-12135 // IVD: e2f5c81f-39ab-11e9-b1a5-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2f5c81f-39ab-11e9-b1a5-000c29342cb1 // CNVD: CNVD-2018-12135

AFFECTED PRODUCTS

vendor:	beaconmedaes	model:	scroll medical air systems	scope:	lt	version:	4107600010.23	Trust: 1.8
vendor:	beaconmedaes	model:	totalalert scroll medical air systems	scope:	lte	version:	<=4107600010.23	Trust: 0.6
vendor:	scroll medical air	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2f5c81f-39ab-11e9-b1a5-000c29342cb1 // CNVD: CNVD-2018-12135 // JVNDB: JVNDB-2018-006321 // NVD: CVE-2018-7510

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-7510
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-7510
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-12135
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201806-345
value:	CRITICAL
Trust: 0.6
IVD:	e2f5c81f-39ab-11e9-b1a5-000c29342cb1
value:	CRITICAL
Trust: 0.2

nvd@nist.gov:	CVE-2018-7510
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-12135
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f5c81f-39ab-11e9-b1a5-000c29342cb1
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-7510
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2f5c81f-39ab-11e9-b1a5-000c29342cb1 // CNVD: CNVD-2018-12135 // JVNDB: JVNDB-2018-006321 // CNNVD: CNNVD-201806-345 // NVD: CVE-2018-7510

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	CWE-256	Trust: 1.0
problemtype:	CWE-255	Trust: 0.8

sources: JVNDB: JVNDB-2018-006321 // NVD: CVE-2018-7510

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-345

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201806-345

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006321

PATCH

title:	Scroll Medical Air Systems	url:	http://www.beaconmedaes.com/index.php?option=com_air&view=scroll&Itemid=117	Trust: 0.8
title:	BeaconMedaes TotalAlert Scroll Medical Air Systems patch for information disclosure vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/132865	Trust: 0.6
title:	BeaconMedaes TotalAlert Scroll Medical Air Systems Web Fixes for application security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80703	Trust: 0.6

sources: CNVD: CNVD-2018-12135 // JVNDB: JVNDB-2018-006321 // CNNVD: CNNVD-201806-345

EXTERNAL IDS

db:	NVD	id:	CVE-2018-7510	Trust: 3.2
db:	ICS CERT	id:	ICSMA-18-144-01	Trust: 3.0
db:	CNVD	id:	CNVD-2018-12135	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-345	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-006321	Trust: 0.8
db:	IVD	id:	E2F5C81F-39AB-11E9-B1A5-000C29342CB1	Trust: 0.2

sources: IVD: e2f5c81f-39ab-11e9-b1a5-000c29342cb1 // CNVD: CNVD-2018-12135 // JVNDB: JVNDB-2018-006321 // CNNVD: CNNVD-201806-345 // NVD: CVE-2018-7510

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsma-18-144-01	Trust: 3.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7510	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-7510	Trust: 0.8

sources: CNVD: CNVD-2018-12135 // JVNDB: JVNDB-2018-006321 // CNNVD: CNNVD-201806-345 // NVD: CVE-2018-7510

SOURCES

db:	IVD	id:	e2f5c81f-39ab-11e9-b1a5-000c29342cb1
db:	CNVD	id:	CNVD-2018-12135
db:	JVNDB	id:	JVNDB-2018-006321
db:	CNNVD	id:	CNNVD-201806-345
db:	NVD	id:	CVE-2018-7510

LAST UPDATE DATE

2024-11-23T22:41:50.528000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-12135	date:	2018-06-27T00:00:00
db:	JVNDB	id:	JVNDB-2018-006321	date:	2018-08-16T00:00:00
db:	CNNVD	id:	CNNVD-201806-345	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-7510	date:	2024-11-21T04:12:16.207

SOURCES RELEASE DATE

db:	IVD	id:	e2f5c81f-39ab-11e9-b1a5-000c29342cb1	date:	2018-06-27T00:00:00
db:	CNVD	id:	CNVD-2018-12135	date:	2018-06-27T00:00:00
db:	JVNDB	id:	JVNDB-2018-006321	date:	2018-08-16T00:00:00
db:	CNNVD	id:	CNNVD-201806-345	date:	2018-06-07T00:00:00
db:	NVD	id:	CVE-2018-7510	date:	2018-06-06T20:29:00.597