CVE-2018-8867

Published: May 18, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.

Affected (8)

Products: Ge: Pacsystems Rx3i Cpe305 Firmware, Pacsystems Rx3i Cpe310 Firmware, Rx3i Cpe330 Firmware, Rx3i Cpe 400 Firmware, Pacsystems Rsti Ep Cpe 100 Firmware, Pacsystems Cpu320 Firmware, Pacsystems Cru320 Firmware, Pacsystems Rxi Firmware

8 products

Pacsystems Rx3i Cpe305 Firmware

Pacsystems Rx3i Cpe310 Firmware

Rx3i Cpe330 Firmware

Rx3i Cpe 400 Firmware

Pacsystems Rsti Ep Cpe 100 Firmware

Pacsystems Cpu320 Firmware

Pacsystems Cru320 Firmware

Pacsystems Rxi Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Pacsystems Rx3i Cpe305 Firmware	Up to 9.20

Running on/with	Platform Versions
Ge Pacsystems Rx3i Cpe305	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Pacsystems Rx3i Cpe310 Firmware	Up to 9.20

Running on/with	Platform Versions
Ge Pacsystems Rx3i Cpe310	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Rx3i Cpe330 Firmware	Up to 9.21

Running on/with	Platform Versions
Ge Rx3i Cpe330	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Rx3i Cpe 400 Firmware	Up to 9.30

Running on/with	Platform Versions
Ge Rx3i Cpe 400	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Pacsystems Rsti Ep Cpe 100 Firmware	All versions

Running on/with	Platform Versions
Ge Pacsystems Rsti Ep Cpe 100	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Pacsystems Cpu320 Firmware	All versions

Running on/with	Platform Versions
Ge Pacsystems Cpu320	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Pacsystems Cru320 Firmware	All versions

Running on/with	Platform Versions
Ge Pacsystems Cru320	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Ge Pacsystems Rxi Firmware	All versions

Running on/with	Platform Versions
Ge Pacsystems Rxi	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://www.securityfocus.com/bid/104241

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-137-01

Source: ics-cert@hq.dhs.gov

MitigationThird Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/104241

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-18-137-01

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party AdvisoryUS Government Resource

Timeline

No history available yet.