PT-2018-16565 · Siemens Healthineers · Rapidpoint 500
Published: 2018-06-26 · Updated: 2019-10-09
CVE-2018-4846
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
RAPIDLab 1200 systems versions without use of Siemens Healthineers Informatics products
RAPIDPoint 400 systems versions with Siemens Healthineers Informatics products
RAPIDPoint 500 systems versions prior to V3.0 with Siemens Healthineers Informatics products
RAPIDPoint 500 systems version V2.4.X with Siemens Healthineers Informatics products
RAPIDLab 1200 Series versions prior to V3.3 with Siemens Healthineers Informatics products
Description
A security issue has been identified, where a factory account with a hardcoded password could allow attackers to access the device over port 5900/tcp. This issue can be exploited without user interaction or privileges, affecting the confidentiality, integrity, and availability of the device. There are no known public exploitations of this issue at the time of publication.
Recommendations
For RAPIDLab 1200 systems without Siemens Healthineers Informatics products, consider disabling access over port 5900/tcp until a patch is available.
For RAPIDPoint 400 systems with Siemens Healthineers Informatics products, restrict access to the factory account until a fix is provided.
For RAPIDPoint 500 systems with versions prior to V3.0 and version V2.4.X with Siemens Healthineers Informatics products, avoid using the hardcoded password for the factory account until the issue is resolved.
For RAPIDLab 1200 Series with versions prior to V3.3 and Siemens Healthineers Informatics products, consider changing the hardcoded password for the factory account to a secure password until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Weakness Enumeration
Using Hardcoded Credentials
Affected Products
Rapidlab 1200
Rapidlab 1200 Series
Rapidpoint 400
Rapidpoint 500