Vulnerability Description
A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mckesson | Horizon Cardiology Firmware | >= 12.0, <= 12.2 |
| Mckesson | Horizon Cardiology | - |
| Mckesson | Cardiology Firmware | 13.0 |
| Mckesson | Cardiology | - |
| Changehealthcare | Cardiology Firmware | 14.1.0 |
| Changehealthcare | Cardiology | - |
Related Weaknesses (CWE)
References
- https://www.hipaajournal.com/code-execution-vulnerability-identified-in-change-hThird Party Advisory
- https://www.us-cert.gov/ics/advisories/icsma-19-241-01Third Party AdvisoryUS Government Resource
- https://www.hipaajournal.com/code-execution-vulnerability-identified-in-change-hThird Party Advisory
- https://www.us-cert.gov/ics/advisories/icsma-19-241-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2018-18630?
CVE-2018-18630 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arb...
How severe is CVE-2018-18630?
CVE-2018-18630 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-18630?
Check the references section above for vendor advisories and patch information. Affected products include: Mckesson Horizon Cardiology Firmware, Mckesson Horizon Cardiology, Mckesson Cardiology Firmware, Mckesson Cardiology, Changehealthcare Cardiology Firmware.