CVE-2018-4846

Published: Jun 26, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). A factory account with hardcoded password might allow attackers access to the device over port 5900/tcp. Successful exploitation requires no user interaction or privileges and impacts the confidentiality, integrity, and availability of the affected device. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue.

Affected (4)

Products: Siemens: Rapidpoint 400 Firmware, Rapidpoint 500 Firmware, Rapidlab 1200 Firmware

Siemens

3 products

Rapidpoint 400 Firmware

Rapidpoint 500 Firmware

Rapidlab 1200 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Rapidpoint 400 Firmware	All versions

Running on/with	Platform Versions
Siemens Rapidpoint 400	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Rapidpoint 500 Firmware	Up to 2.3
Siemens Rapidpoint 500 Firmware	From 3.0

Running on/with	Platform Versions
Siemens Rapidpoint 500	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Siemens Rapidlab 1200 Firmware	Before 3.3

Running on/with	Platform Versions
Siemens Rapidlab 1200	All versions

Related CWEs

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-755010.pdf

Source: productcert@siemens.com

Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-755010.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.