CVE-2018-18564
Last modified
CVE-2018-18564 is a vulnerability of currently unknown severity. An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). Improper access control allows attackers in the adjacent network to change the instrument configuration.. EPSS estimates a 0.58% chance of exploitation in the next 30 days.
Description
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). Improper access control allows attackers in the adjacent network to change the instrument configuration.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Roche | Accu-Chek Inform Ii Firmware | < 03.06.00 |
| Roche | Accu-Chek Inform Ii Firmware | >= 04.00.00, < 04.03.00 |
| Roche | Cobas H 232 Firmware | < 04.00.04 |
| Roche | Coaguchek Pro Ii Firmware | < 04.03.00 |
References
- http://www.securityfocus.com/bid/105843Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01Mitigation, Third Party Advisory, US Government Resource
- http://www.securityfocus.com/bid/105843Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01Mitigation, Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-18564?
How severe is CVE-2018-18564?
How do I fix CVE-2018-18564?
Are you affected by CVE-2018-18564?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST