Details of VAR-201901-0848

ID

VAR-201901-0848

CVE

CVE-2018-19010

TITLE

plural Drager Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-014559

DESCRIPTION

Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity. plural Drager The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. DrÃ¤ger Infinity is prone to multiple security vulnerabilities: 1. A denial-of-service vulnerability. 2. An information disclosure vulnerability. 3. A privilege-escalation vulnerability. An attacker can leverage these issues to cause an affected device to reboot; resulting in a denial-of-service condition, gain access to sensitive information or gain elevated privileges to perform unauthorized actions. are all medical monitor equipment of German Drager company. Input validation vulnerabilities exist in several Drger products

Trust: 1.98

sources: NVD: CVE-2018-19010 // JVNDB: JVNDB-2018-014559 // BID: 106683 // VULHUB: VHN-129627

AFFECTED PRODUCTS

vendor:	draeger	model:	kappa	scope:	eq	version:	*	Trust: 1.0
vendor:	draeger	model:	infinity explorer c700	scope:	eq	version:	*	Trust: 1.0
vendor:	draeger	model:	infinity delta	scope:	eq	version:	*	Trust: 1.0
vendor:	draeger	model:	delta xl	scope:	eq	version:	*	Trust: 1.0
vendor:	drager	model:	infinity delta xl	scope:	-	version:	-	Trust: 0.8
vendor:	drager	model:	infinity delta	scope:	-	version:	-	Trust: 0.8
vendor:	drager	model:	infinity explorer c700	scope:	-	version:	-	Trust: 0.8
vendor:	drager	model:	infinity kappa	scope:	-	version:	-	Trust: 0.8
vendor:	dräger	model:	infinity kappa	scope:	eq	version:	0	Trust: 0.3
vendor:	dräger	model:	infinity explorer c700	scope:	eq	version:	0	Trust: 0.3
vendor:	dräger	model:	infinity delta xl	scope:	eq	version:	0	Trust: 0.3
vendor:	dräger	model:	infinity delta	scope:	eq	version:	0	Trust: 0.3
vendor:	dräger	model:	infinity explorer c700 vf10.1	scope:	ne	version:	-	Trust: 0.3

sources: BID: 106683 // JVNDB: JVNDB-2018-014559 // NVD: CVE-2018-19010

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-19010
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-19010
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201901-790
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-129627
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-19010
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-129627
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-19010
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-129627 // JVNDB: JVNDB-2018-014559 // CNNVD: CNNVD-201901-790 // NVD: CVE-2018-19010

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-129627 // JVNDB: JVNDB-2018-014559 // NVD: CVE-2018-19010

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201901-790

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201901-790

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014559

PATCH

title:	Top Page	url:	https://www.draeger.com/en_corp/Home	Trust: 0.8
title:	Multiple Drager Fixes for product input validation vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88921	Trust: 0.6

sources: JVNDB: JVNDB-2018-014559 // CNNVD: CNNVD-201901-790

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19010	Trust: 2.8
db:	ICS CERT	id:	ICSMA-19-022-01	Trust: 2.8
db:	BID	id:	106683	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-014559	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-790	Trust: 0.7
db:	VULHUB	id:	VHN-129627	Trust: 0.1

sources: VULHUB: VHN-129627 // BID: 106683 // JVNDB: JVNDB-2018-014559 // CNNVD: CNNVD-201901-790 // NVD: CVE-2018-19010

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsma-19-022-01	Trust: 2.8
url:	http://www.securityfocus.com/bid/106683	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19010	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19010	Trust: 0.8
url:	https://www.draeger.com/en_in/home	Trust: 0.3
url:	https://static.draeger.com/security/download/2019-01-22-draeger-infinity-delta-vf10-1-security-advisory.pdf	Trust: 0.3

sources: VULHUB: VHN-129627 // BID: 106683 // JVNDB: JVNDB-2018-014559 // CNNVD: CNNVD-201901-790 // NVD: CVE-2018-19010

CREDITS

Marc Ruef and Rocco Gagliardi from scip AG.

Trust: 0.3

sources: BID: 106683

SOURCES

db:	VULHUB	id:	VHN-129627
db:	BID	id:	106683
db:	JVNDB	id:	JVNDB-2018-014559
db:	CNNVD	id:	CNNVD-201901-790
db:	NVD	id:	CVE-2018-19010

LAST UPDATE DATE

2024-11-23T22:00:08.897000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-129627	date:	2019-10-09T00:00:00
db:	BID	id:	106683	date:	2019-01-22T00:00:00
db:	JVNDB	id:	JVNDB-2018-014559	date:	2019-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201901-790	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-19010	date:	2024-11-21T03:57:09.583

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-129627	date:	2019-01-28T00:00:00
db:	BID	id:	106683	date:	2019-01-22T00:00:00
db:	JVNDB	id:	JVNDB-2018-014559	date:	2019-03-27T00:00:00
db:	CNNVD	id:	CNNVD-201901-790	date:	2019-01-23T00:00:00
db:	NVD	id:	CVE-2018-19010	date:	2019-01-28T22:29:00.350