CVE-2018-18563

Name: CVE-2018-18563
Creator: NVD / NIST
Published: 2018-11-20T19:29:00.853+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.97%

Last modified Jun 17, 2026

CVE-2018-18563 is a vulnerability of currently unknown severity. An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial Number below KQ0400000 or KS0400000) and cobas h 232 before 04.00.04 (Serial Number above KQ0400000 or KS0400000). Improper access control to a service command allows attackers in the adjacent network to execute arbitrary code on the system through a crafted Poct1-A message.. EPSS estimates a 0.97% chance of exploitation in the next 30 days.

Description

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial Number below KQ0400000 or KS0400000) and cobas h 232 before 04.00.04 (Serial Number above KQ0400000 or KS0400000). Improper access control to a service command allows attackers in the adjacent network to execute arbitrary code on the system through a crafted Poct1-A message.

Metrics

EPSS Probability

0.97%

57.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-434

Affected Software

Vendor	Product	Versions
Roche	Accu-Chek Inform Ii Firmware	< 03.06.00
Roche	Accu-Chek Inform Ii Firmware	>= 04.00.00, < 04.03.00
Roche	Cobas H 232 Firmware	< 03.01.03
Roche	Cobas H 232 Firmware	>= 04.00.00, < 04.00.04
Roche	Coaguchek Pro Ii Firmware	< 04.03.00
Roche	Coaguchek Xs Plus Firmware	< 03.01.06
Roche	Coaguchek Xs Pro Firmware	< 03.01.06

References

http://www.securityfocus.com/bid/105843Third Party Advisory, VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01Mitigation, Third Party Advisory, US Government Resource
http://www.securityfocus.com/bid/105843Third Party Advisory, VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01Mitigation, Third Party Advisory, US Government Resource

Timeline

Published: Nov 20, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-18563?

How severe is CVE-2018-18563?

Severity scoring for CVE-2018-18563 is pending analysis. The EPSS model estimates a 0.97% probability of exploitation in the next 30 days.

How do I fix CVE-2018-18563?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-18563?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST