PT-2018-14519 · Roche · CoaguChek Pro II and 4 other products

Published: 2018-11-20 · Updated: 2018-12-28 · CVE-2018-18565

CVSS v3.1: 6.8 (Medium)

Vector: AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Roche Accu-Chek Inform II Instrument versions before 03.06.00
Roche Accu-Chek Inform II Instrument versions 04.x before 04.03.00
CoaguChek Pro II versions before 04.03.00
CoaguChek XS Plus versions before 03.01.06
CoaguChek XS Pro versions before 03.01.06
cobas h 232 versions before 03.01.03
cobas h 232 versions 04.x before 04.00.04

Description

A vulnerability in the software update mechanism allows authenticated attackers in the adjacent network to overwrite arbitrary files on the system through a crafted update package.

Recommendations

For Roche Accu-Chek Inform II Instrument versions before 03.06.00, update to version 03.06.00 or later.
For Roche Accu-Chek Inform II Instrument versions 04.x before 04.03.00, update to version 04.03.00 or later.
For CoaguChek Pro II versions before 04.03.00, update to version 04.03.00 or later.
For CoaguChek XS Plus versions before 03.01.06, update to version 03.01.06 or later.
For CoaguChek XS Pro versions before 03.01.06, update to version 03.01.06 or later.
For cobas h 232 versions before 03.01.03, update to version 03.01.03 or later.
For cobas h 232 versions 04.x before 04.00.04, update to version 04.00.04 or later.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2018-18565

Affected Products

CoaguChek Pro II
CoaguChek XS Plus
CoaguChek XS Pro
Roche Accu-Chek Inform II Instrument
cobas h 232