ID

VAR-201901-0850


CVE

CVE-2018-19012


TITLE

Vulnerabilities related to authorization, permissions, and access control in multiple Drager products

Trust: 0.8

sources: JVNDB: JVNDB-2018-014560

DESCRIPTION

Drager Infinity Delta, all versions, Delta XL, all versions, Kappa, all versions, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system. Multiple Drager products contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Dräger Infinity is prone to multiple security vulnerabilities: 1. A denial-of-service vulnerability. 2. An information disclosure vulnerability. 3. A privilege-escalation vulnerability. An attacker can leverage these issues to cause an affected device to reboot, resulting in a denial-of-service condition, gain access to sensitive information, or gain elevated privileges to perform unauthorized actions.

Trust: 1.98

sources: NVD: CVE-2018-19012 // JVNDB: JVNDB-2018-014560 // BID: 106683 // VULHUB: VHN-129629

AFFECTED PRODUCTS

vendor: draeger, model: kappa, scope: eq, version: *

Trust: 1.0

vendor: draeger, model: infinity explorer c700, scope: eq, version: *

Trust: 1.0

vendor: draeger, model: infinity delta, scope: eq, version: *

Trust: 1.0

vendor: draeger, model: delta xl, scope: eq, version: *

Trust: 1.0

vendor: drager, model: infinity delta xl, scope: -, version: -

Trust: 0.8

vendor: drager, model: infinity delta, scope: -, version: -

Trust: 0.8

vendor: drager, model: infinity explorer c700, scope: -, version: -

Trust: 0.8

vendor: drager, model: infinity kappa, scope: -, version: -

Trust: 0.8

vendor: dräger, model: infinity kappa, scope: eq, version: 0

Trust: 0.3

vendor: dräger, model: infinity explorer c700, scope: eq, version: 0

Trust: 0.3

vendor: dräger, model: infinity delta xl, scope: eq, version: 0

Trust: 0.3

vendor: dräger, model: infinity delta, scope: eq, version: 0

Trust: 0.3

vendor: dräger, model: infinity explorer c700 vf10.1, scope: ne, version: -

Trust: 0.3

sources: BID: 106683 // JVNDB: JVNDB-2018-014560 // NVD: CVE-2018-19012

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-19012
value: HIGH

Trust: 1.0

NVD: CVE-2018-19012
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-791
value: HIGH

Trust: 0.6

VULHUB: VHN-129629
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-19012
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-129629
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-19012
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-129629 // JVNDB: JVNDB-2018-014560 // CNNVD: CNNVD-201901-791 // NVD: CVE-2018-19012

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.0

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-129629 // JVNDB: JVNDB-2018-014560 // NVD: CVE-2018-19012

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201901-791

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201901-791

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014560

PATCH

title: Top Page, url: https://www.draeger.com/en_corp/Home

Trust: 0.8

title: Multiple Drager Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88915

Trust: 0.6

sources: JVNDB: JVNDB-2018-014560 // CNNVD: CNNVD-201901-791

EXTERNAL IDS

db: ICS CERT, id: ICSMA-19-022-01

Trust: 2.8

db: NVD, id: CVE-2018-19012

Trust: 2.8

db: BID, id: 106683

Trust: 2.0

db: JVNDB, id: JVNDB-2018-014560

Trust: 0.8

db: CNNVD, id: CNNVD-201901-791

Trust: 0.6

db: VULHUB, id: VHN-129629

Trust: 0.1

sources: VULHUB: VHN-129629 // BID: 106683 // JVNDB: JVNDB-2018-014560 // CNNVD: CNNVD-201901-791 // NVD: CVE-2018-19012

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsma-19-022-01

Trust: 2.8

url:http://www.securityfocus.com/bid/106683

Trust: 2.3

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19012

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-19012

Trust: 0.8

url:https://www.draeger.com/en_in/home

Trust: 0.3

url:https://static.draeger.com/security/download/2019-01-22-draeger-infinity-delta-vf10-1-security-advisory.pdf

Trust: 0.3

sources: VULHUB: VHN-129629 // BID: 106683 // JVNDB: JVNDB-2018-014560 // CNNVD: CNNVD-201901-791 // NVD: CVE-2018-19012

CREDITS

Marc Ruef and Rocco Gagliardi from scip AG.

Trust: 0.3

sources: BID: 106683

SOURCES

db: VULHUB, id: VHN-129629
db: BID, id: 106683
db: JVNDB, id: JVNDB-2018-014560
db: CNNVD, id: CNNVD-201901-791
db: NVD, id: CVE-2018-19012

LAST UPDATE DATE

2024-11-23T22:00:08.927000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-129629, date: 2019-10-09T00:00:00
db: BID, id: 106683, date: 2019-01-22T00:00:00
db: JVNDB, id: JVNDB-2018-014560, date: 2019-03-27T00:00:00
db: CNNVD, id: CNNVD-201901-791, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-19012, date: 2024-11-21T03:57:09.830

SOURCES RELEASE DATE

db: VULHUB, id: VHN-129629, date: 2019-01-28T00:00:00
db: BID, id: 106683, date: 2019-01-22T00:00:00
db: JVNDB, id: JVNDB-2018-014560, date: 2019-03-27T00:00:00
db: CNNVD, id: CNNVD-201901-791, date: 2019-01-23T00:00:00
db: NVD, id: CVE-2018-19012, date: 2019-01-28T21:29:00.253