Sign-up

ID

VAR-201811-0059


CVE

CVE-2018-18562


TITLE

plural Roche Vulnerabilities related to certificate and password management in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-012879

DESCRIPTION

An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized service access via a service interface. plural Roche The product contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. RocheAccu-ChekInformIIBaseUnit/BaseUnitHub and CoaguChek/cobash232HandheldBaseUnit are hand-held blood test medical devices from Roche, Switzerland. An authorization issue vulnerability exists in versions prior to RocheAccu-ChekInformIIBaseUnit/BaseUnitHub03.01.04 and prior to CoaguChek/cobash232HandheldBaseUnit03.01.04. An attacker could exploit this vulnerability to execute arbitrary commands on the operating system. Multiple Roche Point of Care Handheld Medical Services are prone to the following security vulnerabilities: 1. An authentication bypass vulnerability 2. An OS command-injection vulnerability 3. An arbitrary file-upload vulnerability 4. A remote code-execution vulnerability 5

Trust: 2.61

sources: NVD: CVE-2018-18562 // JVNDB: JVNDB-2018-012879 // CNVD: CNVD-2019-08983 // BID: 105843 // IVD: 388ac3a5-5c09-40c4-9636-9f7b015ceb2e

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 388ac3a5-5c09-40c4-9636-9f7b015ceb2e // CNVD: CNVD-2019-08983

AFFECTED PRODUCTS

vendor:rochemodel:base unit hubscope:ltversion:03.01.04

Trust: 1.0

vendor:rochemodel:coaguchekscope:ltversion:03.01.04

Trust: 1.0

vendor:rochemodel:cobas h 232scope:ltversion:03.01.04

Trust: 1.0

vendor:rochemodel:accu-chek inform iiscope:ltversion:03.01.04

Trust: 1.0

vendor:roche diagnosticsmodel:accu-chek inform iiscope:ltversion:03.01.04

Trust: 0.8

vendor:roche diagnosticsmodel:base unit hubscope:ltversion:03.01.04

Trust: 0.8

vendor:roche diagnosticsmodel:coaguchekscope:ltversion:03.01.04

Trust: 0.8

vendor:roche diagnosticsmodel:cobas h 232scope:ltversion:03.01.04

Trust: 0.8

vendor:rochemodel:accu-chek inform ii base unit/base unit hubscope:ltversion:03.01.04

Trust: 0.6

vendor:rochemodel:coaguchek/cobas h232 handheld base unitscope:ltversion:03.01.04

Trust: 0.6

vendor:rochemodel:cobas hscope:eqversion:2320

Trust: 0.3

vendor:rochemodel:coaguchek xs proscope:eqversion:0

Trust: 0.3

vendor:rochemodel:coaguchek xs plusscope:eqversion:0

Trust: 0.3

vendor:rochemodel:coaguchek pro iiscope:eqversion:0

Trust: 0.3

vendor:rochemodel:coaguchekscope:eqversion:0

Trust: 0.3

vendor:rochemodel:accu-chek inform ii instrumentscope:eqversion:0

Trust: 0.3

vendor:rochemodel:cobas hscope:neversion:2324.0.4

Trust: 0.3

vendor:rochemodel:cobas hscope:neversion:2323.1.4

Trust: 0.3

vendor:rochemodel:cobas hscope:neversion:2323.1.3

Trust: 0.3

vendor:rochemodel:coaguchek xs proscope:neversion:3.1.6

Trust: 0.3

vendor:rochemodel:coaguchek xs plusscope:neversion:3.1.6

Trust: 0.3

vendor:rochemodel:coaguchek pro iiscope:neversion:4.3

Trust: 0.3

vendor:rochemodel:coaguchekscope:neversion:3.1.4

Trust: 0.3

vendor:rochemodel:accu-chek inform ii instrumentscope:neversion:3.6

Trust: 0.3

vendor:accu chek inform iimodel: - scope:eqversion:*

Trust: 0.2

vendor:cobas h 232model: - scope:eqversion:*

Trust: 0.2

vendor:coaguchekmodel: - scope:eqversion:*

Trust: 0.2

vendor:base unit hubmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: 388ac3a5-5c09-40c4-9636-9f7b015ceb2e // CNVD: CNVD-2019-08983 // BID: 105843 // JVNDB: JVNDB-2018-012879 // NVD: CVE-2018-18562

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-18562
value: HIGH

Trust: 1.0

NVD: CVE-2018-18562
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-08983
value: LOW

Trust: 0.6

CNNVD: CNNVD-201811-115
value: HIGH

Trust: 0.6

IVD: 388ac3a5-5c09-40c4-9636-9f7b015ceb2e
value: HIGH

Trust: 0.2

nvd@nist.gov: CVE-2018-18562
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-08983
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 388ac3a5-5c09-40c4-9636-9f7b015ceb2e
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

nvd@nist.gov: CVE-2018-18562
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 388ac3a5-5c09-40c4-9636-9f7b015ceb2e // CNVD: CNVD-2019-08983 // JVNDB: JVNDB-2018-012879 // CNNVD: CNNVD-201811-115 // NVD: CVE-2018-18562

PROBLEMTYPE DATA

problemtype:CWE-521

Trust: 1.0

problemtype:CWE-255

Trust: 0.8

sources: JVNDB: JVNDB-2018-012879 // NVD: CVE-2018-18562

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201811-115

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201811-115

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-012879

PATCH
title:Top Pageurl:https://diagnostics.roche.com/us/en/home.html
Trust: 0.8
title:Roche Accu-Chek Inform II Base Unit/Base Unit Hub  and CoaguChek/cobas h232 Handheld Base Unit Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100317
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-012879 // 
            
            
            
            CNNVD: CNNVD-201811-115

EXTERNAL IDS
db:NVDid:CVE-2018-18562
Trust: 3.5
db:ICS CERTid:ICSMA-18-310-01
Trust: 3.3
db:BIDid:105843
Trust: 1.9
db:CNVDid:CNVD-2019-08983
Trust: 0.8
db:CNNVDid:CNNVD-201811-115
Trust: 0.8
db:JVNDBid:JVNDB-2018-012879
Trust: 0.8
db:IVDid:388AC3A5-5C09-40C4-9636-9F7B015CEB2E
Trust: 0.2
sources:
            
            
            IVD: 388ac3a5-5c09-40c4-9636-9f7b015ceb2e // 
            
            
            
            CNVD: CNVD-2019-08983 // 
            
            
            
            BID: 105843 // 
            
            
            
            JVNDB: JVNDB-2018-012879 // 
            
            
            
            CNNVD: CNNVD-201811-115 // 
            
            
            
            NVD: CVE-2018-18562

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsma-18-310-01
Trust: 3.3
url:http://www.securityfocus.com/bid/105843
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18562
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-18562
Trust: 0.8
url:https://www.roche.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2019-08983 // 
            
            
            
            BID: 105843 // 
            
            
            
            JVNDB: JVNDB-2018-012879 // 
            
            
            
            CNNVD: CNNVD-201811-115 // 
            
            
            
            NVD: CVE-2018-18562

CREDITS
Niv Yehezkel of Medigate
Trust: 0.3
sources:
            
            
            BID: 105843

SOURCES
db:IVDid:388ac3a5-5c09-40c4-9636-9f7b015ceb2e
db:CNVDid:CNVD-2019-08983
db:BIDid:105843
db:JVNDBid:JVNDB-2018-012879
db:CNNVDid:CNNVD-201811-115
db:NVDid:CVE-2018-18562

LAST UPDATE DATE
2024-11-23T21:52:40.299000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-08983date:2019-04-03T00:00:00
db:BIDid:105843date:2018-11-06T00:00:00
db:JVNDBid:JVNDB-2018-012879date:2019-02-08T00:00:00
db:CNNVDid:CNNVD-201811-115date:2019-10-23T00:00:00
db:NVDid:CVE-2018-18562date:2024-11-21T03:56:09.663

SOURCES RELEASE DATE
db:IVDid:388ac3a5-5c09-40c4-9636-9f7b015ceb2edate:2019-04-03T00:00:00
db:CNVDid:CNVD-2019-08983date:2019-04-03T00:00:00
db:BIDid:105843date:2018-11-06T00:00:00
db:JVNDBid:JVNDB-2018-012879date:2019-02-08T00:00:00
db:CNNVDid:CNNVD-201811-115date:2018-11-07T00:00:00
db:NVDid:CVE-2018-18562date:2018-11-20T19:29:00.793