CVE-2018-18630

Published: Sep 6, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code.

Affected (5)

Products: Mckesson: Horizon Cardiology Firmware, Cardiology Firmware · Changehealthcare: Cardiology Firmware

Mckesson

2 products

Horizon Cardiology Firmware

Cardiology Firmware

Changehealthcare

1 product

Cardiology Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mckesson Horizon Cardiology Firmware	From 12.0 to 12.2
Mckesson Horizon Cardiology Firmware	Version 11.0

Running on/with	Platform Versions
Mckesson Horizon Cardiology	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mckesson Cardiology Firmware	Version 13.0
Mckesson Cardiology Firmware	Version 14.0

Running on/with	Platform Versions
Mckesson Cardiology	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Changehealthcare Cardiology Firmware	Version 14.1.0

Running on/with	Platform Versions
Changehealthcare Cardiology	All versions

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://www.hipaajournal.com/code-execution-vulnerability-identified-in-change-healthcare-cardiology-devices/

Source: cve@mitre.org

Third Party Advisory

https://www.us-cert.gov/ics/advisories/icsma-19-241-01

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

https://www.hipaajournal.com/code-execution-vulnerability-identified-in-change-healthcare-cardiology-devices/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.us-cert.gov/ics/advisories/icsma-19-241-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.