CVE-2018-18563 — CRITICAL (9.6)

Q: How severe is CVE-2018-18563?

CVE-2018-18563 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2018-18563?

Check the references section above for vendor advisories and patch information. Affected products include: Roche Accu-Chek Inform Ii Firmware, Roche Accu-Chek Inform Ii, Roche Cobas H 232 Firmware, Roche Cobas H 232, Roche Coaguchek Pro Ii Firmware.

Vulnerability Description

An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, CoaguChek XS Plus before 03.01.06, CoaguChek XS Pro before 03.01.06, cobas h 232 before 03.01.03 (Serial Number below KQ0400000 or KS0400000) and cobas h 232 before 04.00.04 (Serial Number above KQ0400000 or KS0400000). Improper access control to a service command allows attackers in the adjacent network to execute arbitrary code on the system through a crafted Poct1-A message.

CVSS Score

9.6

CRITICAL

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Roche	Accu-Chek Inform Ii Firmware	< 03.06.00
Roche	Accu-Chek Inform Ii	-
Roche	Cobas H 232 Firmware	< 03.01.03
Roche	Cobas H 232	-
Roche	Coaguchek Pro Ii Firmware	< 04.03.00
Roche	Coaguchek Pro Ii	-
Roche	Coaguchek Xs Plus Firmware	< 03.01.06
Roche	Coaguchek Xs Plus	-
Roche	Coaguchek Xs Pro Firmware	< 03.01.06
Roche	Coaguchek Xs Pro	-

Related Weaknesses (CWE)

CWE-434

References

http://www.securityfocus.com/bid/105843Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01MitigationThird Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/105843Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01MitigationThird Party AdvisoryUS Government Resource

FAQ

What is CVE-2018-18563?

CVE-2018-18563 is a vulnerability with a CVSS score of 9.6 (CRITICAL). An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, Coag...

How severe is CVE-2018-18563?

CVE-2018-18563 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-18563?

Check the references section above for vendor advisories and patch information. Affected products include: Roche Accu-Chek Inform Ii Firmware, Roche Accu-Chek Inform Ii, Roche Cobas H 232 Firmware, Roche Cobas H 232, Roche Coaguchek Pro Ii Firmware.