var-201806-1771
Vulnerability from variot
A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions without use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 with Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 with Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X with Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 with Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions with Siemens Healthineers Informatics products). Remote attackers with either local or remote credentialed access to the "Remote View" feature might be able to elevate their privileges, compromising confidentiality, integrity, and availability of the system. No special skills or user interaction are required to perform this attack. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue.

RAPIDLab and RAPIDPoint contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). The RAPIDLab 1200 system is a cartridge-based blood gas, electrolyte and metabolite analyzer designed for medium to large capacity clinical laboratories. The RAPIDPoint 400/405/500 system is a cassette-based blood gas, electrolyte and metabolite analyzer designed for use in a care setting environment. SIEMENS RAPIDLab 1200 and RAPIDPoint 400/500 Blood Gas Analyzers have privilege escalation vulnerabilities. Siemens RAPIDLab 1200 systems is an intensive care solution with blood and respiratory monitoring functions. RAPIDPoint 400 systems and RAPIDPoint 500 systems are different series of solutions for the clinical analysis of blood electrolytes, glucose, hematocrit and neonatal bilirubin.
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.