Details of VAR-201811-0060

ID

VAR-201811-0060

CVE

CVE-2018-18563

TITLE

plural Roche Access control vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-012880

DESCRIPTION

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial Number below KQ0400000 or KS0400000) and cobas h 232 before 04.00.04 (Serial Number above KQ0400000 or KS0400000). Improper access control to a service command allows attackers in the adjacent network to execute arbitrary code on the system through a crafted Poct1-A message. plural Roche The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. RocheAccu-ChekInformIIInstrument and others are hand-held blood test medical devices from Roche, Switzerland. There are device permission and access control vulnerabilities in the software update mechanism of several Roche devices. The vulnerability stems from the failure of the program to perform proper access control. The attacker can use the special update package to write the file to any file. Multiple Roche Point of Care Handheld Medical Services are prone to the following security vulnerabilities: 1. An authentication bypass vulnerability 2. An OS command-injection vulnerability 3. An arbitrary file-upload vulnerability 4. A remote code-execution vulnerability 5. An access bypass vulnerability An attacker can exploit these issues to bypass authentication mechanism, execute arbitrary commands and codes, upload arbitrary files, or to bypass security restrictions

Trust: 2.61

sources: NVD: CVE-2018-18563 // JVNDB: JVNDB-2018-012880 // CNVD: CNVD-2018-25434 // BID: 105843 // IVD: 7d81238f-463f-11e9-8b84-000c29342cb1

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: 7d81238f-463f-11e9-8b84-000c29342cb1 // CNVD: CNVD-2018-25434

AFFECTED PRODUCTS

vendor:	roche	model:	coaguchek pro ii	scope:	lt	version:	04.03.00	Trust: 1.6
vendor:	roche	model:	coaguchek xs plus	scope:	lt	version:	03.01.06	Trust: 1.6
vendor:	roche	model:	accu-chek inform ii	scope:	lt	version:	04.03.00	Trust: 1.0
vendor:	roche	model:	accu-chek inform ii	scope:	lt	version:	03.06.00	Trust: 1.0
vendor:	roche	model:	cobas h 232	scope:	lt	version:	03.01.03	Trust: 1.0
vendor:	roche	model:	cobas h 232	scope:	gte	version:	04.00.00	Trust: 1.0
vendor:	roche	model:	cobas h 232	scope:	lt	version:	04.00.04	Trust: 1.0
vendor:	roche	model:	coaguchek xs pro	scope:	lt	version:	03.01.06	Trust: 1.0
vendor:	roche	model:	accu-chek inform ii	scope:	gte	version:	04.00.00	Trust: 1.0
vendor:	roche diagnostics	model:	accu-chek inform ii	scope:	eq	version:	04.03.00	Trust: 0.8
vendor:	roche diagnostics	model:	accu-chek inform ii	scope:	lt	version:	of 04.x	Trust: 0.8
vendor:	roche	model:	accu-chek inform ii instrument	scope:	lt	version:	03.06.00	Trust: 0.6
vendor:	roche	model:	coaguchek xs pro	scope:	-	version:	-	Trust: 0.6
vendor:	roche	model:	cobas h	scope:	eq	version:	232<03.01.03	Trust: 0.6
vendor:	roche	model:	cobas h	scope:	eq	version:	232<04.00.04	Trust: 0.6
vendor:	accu chek inform ii	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	cobas h 232	model:	-	scope:	eq	version:	*	Trust: 0.4
vendor:	roche	model:	cobas h	scope:	eq	version:	2320	Trust: 0.3
vendor:	roche	model:	coaguchek xs pro	scope:	eq	version:	0	Trust: 0.3
vendor:	roche	model:	coaguchek xs plus	scope:	eq	version:	0	Trust: 0.3
vendor:	roche	model:	coaguchek pro ii	scope:	eq	version:	0	Trust: 0.3
vendor:	roche	model:	coaguchek	scope:	eq	version:	0	Trust: 0.3
vendor:	roche	model:	accu-chek inform ii instrument	scope:	eq	version:	0	Trust: 0.3
vendor:	roche	model:	cobas h	scope:	ne	version:	2324.0.4	Trust: 0.3
vendor:	roche	model:	cobas h	scope:	ne	version:	2323.1.4	Trust: 0.3
vendor:	roche	model:	cobas h	scope:	ne	version:	2323.1.3	Trust: 0.3
vendor:	roche	model:	coaguchek xs pro	scope:	ne	version:	3.1.6	Trust: 0.3
vendor:	roche	model:	coaguchek xs plus	scope:	ne	version:	3.1.6	Trust: 0.3
vendor:	roche	model:	coaguchek pro ii	scope:	ne	version:	4.3	Trust: 0.3
vendor:	roche	model:	coaguchek	scope:	ne	version:	3.1.4	Trust: 0.3
vendor:	roche	model:	accu-chek inform ii instrument	scope:	ne	version:	3.6	Trust: 0.3
vendor:	coaguchek pro ii	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	coaguchek xs plus	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	coaguchek xs pro	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 7d81238f-463f-11e9-8b84-000c29342cb1 // CNVD: CNVD-2018-25434 // BID: 105843 // JVNDB: JVNDB-2018-012880 // NVD: CVE-2018-18563

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-18563
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-18563
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-25434
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201811-116
value:	CRITICAL
Trust: 0.6
IVD:	7d81238f-463f-11e9-8b84-000c29342cb1
value:	CRITICAL
Trust: 0.2

nvd@nist.gov:	CVE-2018-18563
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-25434
severity:	MEDIUM
baseScore:	5.9
vectorString:	AV:A/AC:H/AU:S/C:N/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.5
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d81238f-463f-11e9-8b84-000c29342cb1
severity:	MEDIUM
baseScore:	5.9
vectorString:	AV:A/AC:H/AU:S/C:N/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	2.5
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2018-18563
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.0
Trust: 1.8

sources: IVD: 7d81238f-463f-11e9-8b84-000c29342cb1 // CNVD: CNVD-2018-25434 // JVNDB: JVNDB-2018-012880 // CNNVD: CNNVD-201811-116 // NVD: CVE-2018-18563

PROBLEMTYPE DATA

problemtype:	CWE-434	Trust: 1.0
problemtype:	CWE-284	Trust: 0.8

sources: JVNDB: JVNDB-2018-012880 // NVD: CVE-2018-18563

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201811-116

TYPE

Code problem

Trust: 0.8

sources: IVD: 7d81238f-463f-11e9-8b84-000c29342cb1 // CNNVD: CNNVD-201811-116

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012880

PATCH

title:	Top Page	url:	https://diagnostics.roche.com/us/en/home.html	Trust: 0.8
title:	Patches for multiple Roche device permissions and access control vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/147339	Trust: 0.6
title:	Multiple Roche Repair measures for device security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100318	Trust: 0.6

sources: CNVD: CNVD-2018-25434 // JVNDB: JVNDB-2018-012880 // CNNVD: CNNVD-201811-116

EXTERNAL IDS

db:	NVD	id:	CVE-2018-18563	Trust: 3.5
db:	ICS CERT	id:	ICSMA-18-310-01	Trust: 3.3
db:	BID	id:	105843	Trust: 1.9
db:	CNVD	id:	CNVD-2018-25434	Trust: 0.8
db:	CNNVD	id:	CNNVD-201811-116	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-012880	Trust: 0.8
db:	IVD	id:	7D81238F-463F-11E9-8B84-000C29342CB1	Trust: 0.2

sources: IVD: 7d81238f-463f-11e9-8b84-000c29342cb1 // CNVD: CNVD-2018-25434 // BID: 105843 // JVNDB: JVNDB-2018-012880 // CNNVD: CNNVD-201811-116 // NVD: CVE-2018-18563

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsma-18-310-01	Trust: 3.3
url:	http://www.securityfocus.com/bid/105843	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18563	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-18563	Trust: 0.8
url:	https://www.roche.com/	Trust: 0.3

sources: CNVD: CNVD-2018-25434 // BID: 105843 // JVNDB: JVNDB-2018-012880 // CNNVD: CNNVD-201811-116 // NVD: CVE-2018-18563

CREDITS

Niv Yehezkel of Medigate

Trust: 0.3

sources: BID: 105843

SOURCES

db:	IVD	id:	7d81238f-463f-11e9-8b84-000c29342cb1
db:	CNVD	id:	CNVD-2018-25434
db:	BID	id:	105843
db:	JVNDB	id:	JVNDB-2018-012880
db:	CNNVD	id:	CNNVD-201811-116
db:	NVD	id:	CVE-2018-18563

LAST UPDATE DATE

2024-11-23T21:52:40.335000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-25434	date:	2018-12-14T00:00:00
db:	BID	id:	105843	date:	2018-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-012880	date:	2019-02-08T00:00:00
db:	CNNVD	id:	CNNVD-201811-116	date:	2020-07-07T00:00:00
db:	NVD	id:	CVE-2018-18563	date:	2024-11-21T03:56:09.813

SOURCES RELEASE DATE

db:	IVD	id:	7d81238f-463f-11e9-8b84-000c29342cb1	date:	2018-12-14T00:00:00
db:	CNVD	id:	CNVD-2018-25434	date:	2018-12-14T00:00:00
db:	BID	id:	105843	date:	2018-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2018-012880	date:	2019-02-08T00:00:00
db:	CNNVD	id:	CNNVD-201811-116	date:	2018-11-07T00:00:00
db:	NVD	id:	CVE-2018-18563	date:	2018-11-20T19:29:00.853