Vulnerability Description
An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and cobas h 232 before 04.00.04 (Serial number above KQ0400000 or KS0400000). Improper access control allows attackers in the adjacent network to change the instrument configuration.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Roche | Accu-Chek Inform Ii Firmware | < 03.06.00 |
| Roche | Accu-Chek Inform Ii | - |
| Roche | Cobas H 232 Firmware | < 04.00.04 |
| Roche | Cobas H 232 | - |
| Roche | Coaguchek Pro Ii Firmware | < 04.03.00 |
| Roche | Coaguchek Pro Ii | - |
References
- http://www.securityfocus.com/bid/105843Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01MitigationThird Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/105843Third Party AdvisoryVDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-310-01MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-18564?
CVE-2018-18564 is a vulnerability with a CVSS score of 7.4 (HIGH). An issue was discovered in Roche Accu-Chek Inform II Instrument before 03.06.00 (Serial number below 14000) and 04.x before 04.03.00 (Serial Number above 14000), CoaguChek Pro II before 04.03.00, and ...
How severe is CVE-2018-18564?
CVE-2018-18564 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-18564?
Check the references section above for vendor advisories and patch information. Affected products include: Roche Accu-Chek Inform Ii Firmware, Roche Accu-Chek Inform Ii, Roche Cobas H 232 Firmware, Roche Cobas H 232, Roche Coaguchek Pro Ii Firmware.