PT-2018-14517 · Roche · CoaguChek Pro II +4

Published 2018-11-20 · Updated 2019-10-03 · CVE-2018-18563

CVSS v3.1: 9.6 (Critical)
Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Roche Accu-Chek Inform II Instrument, versions prior to 03.06.00 (serial number below 14000)
Roche Accu-Chek Inform II Instrument, versions 04.x prior to 04.03.00 (serial number above 14000)
CoaguChek Pro II, versions prior to 04.03.00
CoaguChek XS Plus, versions prior to 03.01.06
CoaguChek XS Pro, versions prior to 03.01.06
cobas h 232, versions prior to 03.01.03 (serial number below KQ0400000 or KS0400000)
cobas h 232, versions prior to 04.00.04 (serial number above KQ0400000 or KS0400000)
Description

The instruments do not adequately restrict access to a service command reachable over their POCT1-A connectivity interface (improper access control). An attacker with access to the network the instrument is connected to (CVSS AV:A, typically the segment over which it exchanges POCT1-A messages with its data-management system) can send a crafted POCT1-A message that invokes this command and execute arbitrary code on the device. No privileges or user interaction are required, and a successful attack gives the attacker full control of the device (complete loss of confidentiality, integrity and availability).
Recommendations

Update each device to the fixed firmware for its series:

Roche Accu-Chek Inform II Instrument (serial number below 14000): 03.06.00 or later
Roche Accu-Chek Inform II Instrument 04.x (serial number above 14000): 04.03.00 or later
CoaguChek Pro II: 04.03.00 or later
CoaguChek XS Plus: 03.01.06 or later
CoaguChek XS Pro: 03.01.06 or later
cobas h 232 (serial number below KQ0400000 or KS0400000): 03.01.03 or later
cobas h 232 (serial number above KQ0400000 or KS0400000): 04.00.04 or later

Until a device is updated, limit its network exposure: place the instruments on a segment that only the data-management host(s) can reach, restrict inbound connections to the instruments to those hosts, and treat any other connection attempt to the instruments' POCT1-A service as suspicious. Verify the installed version and serial number on each device rather than assuming a fleet-wide firmware level, because the affected range depends on the serial number.
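As an added illustration (not part of the advisory and not Roche's own tooling), the following Python encodes the affected-version table above, including the serial-number-dependent branches, so that an exported device inventory can be screened for units that still need the update. The product-name matching, the treatment of serial numbers exactly at a boundary, the numeric reading of the cobas h 232 serial thresholds, and the sample inventory are assumptions made for this example.

```python
import re

# Fixed firmware levels from the advisory for the products whose affected
# range does not depend on the serial number.
_FIXED = {
    "coaguchek pro ii": (4, 3, 0),
    "coaguchek xs plus": (3, 1, 6),
    "coaguchek xs pro": (3, 1, 6),
}

# cobas h 232 serials in the advisory look like KQ0400000 / KS0400000.
_H232_SERIAL = re.compile(r"^(KQ|KS)(\d+)$")


def parse_version(version: str) -> tuple:
    """Turn a dotted firmware string such as '03.06.00' into a comparable tuple (3, 6, 0)."""
    fields = version.strip().split(".")
    if not fields or not all(f.isdigit() for f in fields):
        raise ValueError(f"unparseable firmware version: {version!r}")
    return tuple(int(f) for f in fields)


def is_affected(product: str, version: str, serial=None) -> bool:
    """True when (product, firmware version, serial) falls inside the advisory's affected ranges.

    Assumption (the advisory does not say): serial-number boundaries are applied as
    'strictly below' for the older series, so a serial exactly at the boundary is
    treated as belonging to the newer series.
    """
    v = parse_version(version)
    p = " ".join(product.lower().split())

    if p.startswith("accu-chek inform ii"):
        if serial is None:
            raise ValueError("Accu-Chek Inform II needs a serial number to pick the series")
        if int(serial) < 14000:
            return v < (3, 6, 0)
        # Newer series: only 04.x builds below 04.03.00 are listed as affected.
        return v[0] == 4 and v < (4, 3, 0)

    if p == "cobas h 232":
        m = _H232_SERIAL.match(str(serial or "").upper())
        if not m:
            raise ValueError("cobas h 232 serial must look like KQnnnnnnn or KSnnnnnnn")
        # 'below KQ0400000 or KS0400000' read as a numeric comparison of the digits
        # after the two-letter prefix (assumption).
        if int(m.group(2)) < 400000:
            return v < (3, 1, 3)
        return v < (4, 0, 4)

    if p in _FIXED:
        return v < _FIXED[p]

    raise ValueError(f"product not covered by this advisory: {product!r}")


def screen_inventory(devices):
    """devices: iterable of (asset_id, product, version, serial).

    Returns the asset ids whose firmware is still inside an affected range.
    """
    return [asset for asset, product, version, serial in devices
            if is_affected(product, version, serial)]


# Constructed sample inventory (made up for this example, not real devices).
SAMPLE_INVENTORY = [
    ("lab-01", "Accu-Chek Inform II Instrument", "03.05.02", "13210"),
    ("lab-02", "Accu-Chek Inform II Instrument", "04.02.01", "20155"),
    ("lab-03", "Accu-Chek Inform II Instrument", "04.03.00", "20156"),
    ("icu-01", "CoaguChek Pro II", "04.01.00", None),
    ("icu-02", "CoaguChek XS Plus", "03.01.06", None),
    ("er-01", "cobas h 232", "03.01.02", "KQ0312345"),
    ("er-02", "cobas h 232", "04.00.04", "KS0412345"),
]

if __name__ == "__main__":
    for asset in screen_inventory(SAMPLE_INVENTORY):
        print("needs update:", asset)
```

Unknown products and malformed versions or serials raise rather than silently returning "not affected", so a bad inventory export surfaces as an error instead of a missed device.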

Weakness Enumeration

Improper Access Control (CWE-284)

Related Identifiers

CVE-2018-18563

Affected Products

Accu-Chek Inform II Instrument
CoaguChek Pro II
CoaguChek XS Plus
CoaguChek XS Pro
cobas h 232