CVE-2018-18561
Last modified
CVE-2018-18561 is a vulnerability of currently unknown severity. An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute arbitrary commands on the operating system.. EPSS estimates a 0.67% chance of exploitation in the next 30 days.
Description
An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute arbitrary commands on the operating system.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Roche | Accu-Chek Inform Ii Firmware | < 03.01.04 |
| Roche | Cobas H 232 Firmware | < 03.01.04 |
| Roche | Coaguchek Firmware | < 03.01.04 |
| Roche | Base Unit Hub Firmware | < 03.01.04 |
References
- http://www.securityfocus.com/bid/105843Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/105843Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-18561?
How severe is CVE-2018-18561?
How do I fix CVE-2018-18561?
Are you affected by CVE-2018-18561?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST