CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
10.4%
An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute arbitrary commands on the operating system.
Vendor | Product | Version | CPE |
---|---|---|---|
roche | accu-chek_inform_ii_firmware | * | cpe:2.3:o:roche:accu-chek_inform_ii_firmware:*:*:*:*:*:*:*:* |
roche | accu-chek_inform_ii | - | cpe:2.3:h:roche:accu-chek_inform_ii:-:*:*:*:*:*:*:* |
roche | cobas_h_232_firmware | * | cpe:2.3:o:roche:cobas_h_232_firmware:*:*:*:*:*:*:*:* |
roche | cobas_h_232 | - | cpe:2.3:h:roche:cobas_h_232:-:*:*:*:*:*:*:* |
roche | coaguchek_firmware | * | cpe:2.3:o:roche:coaguchek_firmware:*:*:*:*:*:*:*:* |
roche | coaguchek | - | cpe:2.3:h:roche:coaguchek:-:*:*:*:*:*:*:* |
roche | base_unit_hub_firmware | * | cpe:2.3:o:roche:base_unit_hub_firmware:*:*:*:*:*:*:*:* |
roche | base_unit_hub | - | cpe:2.3:h:roche:base_unit_hub:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
10.4%