← Back

CVE-2018-19012

nvd nist
Published: Jan 28, 2019Modified: Nov 21, 2024

JSON object

Loading...
7.8
Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Via a specific dialog it is possible to break out of the kiosk mode and reach the underlying operating system. By breaking out of the kiosk mode, an attacker is able to take control of the operating system.

Affected (4)

Draeger
4 products
Kappa Firmware
Infinity Explorer C700 Firmware
Delta Xl Firmware
Infinity Delta Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Kappa Firmware
All versions
Running on/withPlatform Versions
Draeger
Kappa
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Infinity Explorer C700 Firmware
All versions
Running on/withPlatform Versions
Draeger
Infinity Explorer C700
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Delta Xl Firmware
All versions
Running on/withPlatform Versions
Draeger
Delta Xl
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Infinity Delta Firmware
All versions
Running on/withPlatform Versions
Draeger
Infinity Delta
All versions

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (4)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryVDB Entry
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.