← Back

CVE-2018-19014

nvd nist
Published: Jan 28, 2019Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration.

Affected (4)

Draeger
4 products
Kappa Firmware
Infinity Explorer C700 Firmware
Delta Xl Firmware
Infinity Delta Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Kappa Firmware
All versions
Running on/withPlatform Versions
Draeger
Kappa
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Infinity Explorer C700 Firmware
All versions
Running on/withPlatform Versions
Draeger
Infinity Explorer C700
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Delta Xl Firmware
All versions
Running on/withPlatform Versions
Draeger
Delta Xl
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Infinity Delta Firmware
All versions
Running on/withPlatform Versions
Draeger
Infinity Delta
All versions

Related CWEs

CWE-532
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (4)

Source: ics-cert@hq.dhs.gov
Third Party AdvisoryVDB Entry
Source: ics-cert@hq.dhs.gov
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource

Timeline

No history available yet.