NVD:CVE-2018-4846
History: Jun 26, 2018 - 6:29 p.m.

CVE-2018-4846

2018-06-26 18:29:00
CWE-798
web.nvd.nist.gov

CVSS2: 10

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.3
Confidence: High

EPSS: 0.002
Percentile: 54.1%

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions _without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 with Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 with Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 with Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions with Siemens Healthineers Informatics products). A factory account with hardcoded password might allow attackers access to the device over port 5900/tcp. Successful exploitation requires no user interaction or privileges and impacts the confidentiality, integrity, and availability of the affected device. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue.

Affected configurations

Nvd

Node
  siemens rapidpoint_400_firmware (Match -)
  AND
  siemens rapidpoint_400 (Match -)

Node
  siemens rapidpoint_500_firmware (Range 2.3)
  OR
  siemens rapidpoint_500_firmware (Range 3.0)
  AND
  siemens rapidpoint_500 (Match -)

Node
  siemens rapidlab_1200_firmware (Range <3.3)
  AND
  siemens rapidlab_1200 (Match -)

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| siemens | rapidpoint_400_firmware | - | cpe:2.3:o:siemens:rapidpoint_400_firmware:-:*:*:*:*:*:*:* |
| siemens | rapidpoint_400 | - | cpe:2.3:h:siemens:rapidpoint_400:-:*:*:*:*:*:*:* |
| siemens | rapidpoint_500_firmware | * | cpe:2.3:o:siemens:rapidpoint_500_firmware:*:*:*:*:*:*:*:* |
| siemens | rapidpoint_500 | - | cpe:2.3:h:siemens:rapidpoint_500:-:*:*:*:*:*:*:* |
| siemens | rapidlab_1200_firmware | * | cpe:2.3:o:siemens:rapidlab_1200_firmware:*:*:*:*:*:*:*:* |
| siemens | rapidlab_1200 | - | cpe:2.3:h:siemens:rapidlab_1200:-:*:*:*:*:*:*:* |
