CVE-2018-18564

Published: Nov 20, 2018Modified: Nov 21, 2024

7.4

Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 4.0

Source: NVD

Description

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). Improper access control allows attackers in the adjacent network to change the instrument configuration.

Affected (4)

Products: Roche: Accu Chek Inform Ii Firmware, Cobas H 232 Firmware, Coaguchek Pro Ii Firmware

Roche

3 products

Accu Chek Inform Ii Firmware

Cobas H 232 Firmware

Coaguchek Pro Ii Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Roche Accu Chek Inform Ii Firmware	Before 03.06.00
Roche Accu Chek Inform Ii Firmware	From 04.00.00 to 04.03.00

Running on/with	Platform Versions
Roche Accu Chek Inform Ii	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Roche Cobas H 232 Firmware	Before 04.00.04

Running on/with	Platform Versions
Roche Cobas H 232	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Roche Coaguchek Pro Ii Firmware	Before 04.03.00

Running on/with	Platform Versions
Roche Coaguchek Pro Ii	All versions

References (4)

http://www.securityfocus.com/bid/105843

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01

Source: cve@mitre.org

MitigationThird Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/105843

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.