VAR-201806-1790
Vulnerability from variot - Updated: 2023-12-18 12:18In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without authentication. BeaconMedaes TotalAlert Scroll Medical Air Systems Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BeaconMedaes TotalAlert Scroll Medical Air Systems is a medical surgical air system from BeaconMedaes, USA. Web application is one of the web-based management programs. An attacker could exploit the vulnerability to gain unauthorized access to sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-1790",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scroll medical air systems",
"scope": "lt",
"trust": 1.8,
"vendor": "beaconmedaes",
"version": "4107600010.23"
},
{
"model": "totalalert scroll medical air systems",
"scope": "lte",
"trust": 0.6,
"vendor": "beaconmedaes",
"version": "\u003c=4107600010.23"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "scroll medical air",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5c81f-39ab-11e9-b1a5-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12135"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006321"
},
{
"db": "NVD",
"id": "CVE-2018-7510"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:beaconmedaes:scroll_medical_air_systems_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4107600010.23",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:beaconmedaes:scroll_medical_air_systems:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7510"
}
]
},
"cve": "CVE-2018-7510",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-7510",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-12135",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e2f5c81f-39ab-11e9-b1a5-000c29342cb1",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-7510",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-7510",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-12135",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-345",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2f5c81f-39ab-11e9-b1a5-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5c81f-39ab-11e9-b1a5-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12135"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006321"
},
{
"db": "NVD",
"id": "CVE-2018-7510"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-345"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In the web application in BeaconMedaes TotalAlert Scroll Medical Air Systems running software versions prior to 4107600010.23, passwords are presented in plaintext in a file that is accessible without authentication. BeaconMedaes TotalAlert Scroll Medical Air Systems Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BeaconMedaes TotalAlert Scroll Medical Air Systems is a medical surgical air system from BeaconMedaes, USA. Web application is one of the web-based management programs. An attacker could exploit the vulnerability to gain unauthorized access to sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-7510"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006321"
},
{
"db": "CNVD",
"id": "CNVD-2018-12135"
},
{
"db": "IVD",
"id": "e2f5c81f-39ab-11e9-b1a5-000c29342cb1"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-7510",
"trust": 3.2
},
{
"db": "ICS CERT",
"id": "ICSMA-18-144-01",
"trust": 3.0
},
{
"db": "CNVD",
"id": "CNVD-2018-12135",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-345",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006321",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F5C81F-39AB-11E9-B1A5-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5c81f-39ab-11e9-b1a5-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12135"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006321"
},
{
"db": "NVD",
"id": "CVE-2018-7510"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-345"
}
]
},
"id": "VAR-201806-1790",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f5c81f-39ab-11e9-b1a5-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12135"
}
],
"trust": 1.6125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e2f5c81f-39ab-11e9-b1a5-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12135"
}
]
},
"last_update_date": "2023-12-18T12:18:49.575000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Scroll Medical Air Systems",
"trust": 0.8,
"url": "http://www.beaconmedaes.com/index.php?option=com_air\u0026view=scroll\u0026itemid=117"
},
{
"title": "BeaconMedaes TotalAlert Scroll Medical Air Systems patch for information disclosure vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132865"
},
{
"title": "BeaconMedaes TotalAlert Scroll Medical Air Systems Web Fixes for application security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80703"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12135"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006321"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-345"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006321"
},
{
"db": "NVD",
"id": "CVE-2018-7510"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-144-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7510"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-7510"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-12135"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006321"
},
{
"db": "NVD",
"id": "CVE-2018-7510"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-345"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f5c81f-39ab-11e9-b1a5-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12135"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006321"
},
{
"db": "NVD",
"id": "CVE-2018-7510"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-345"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-27T00:00:00",
"db": "IVD",
"id": "e2f5c81f-39ab-11e9-b1a5-000c29342cb1"
},
{
"date": "2018-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12135"
},
{
"date": "2018-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006321"
},
{
"date": "2018-06-06T20:29:00.597000",
"db": "NVD",
"id": "CVE-2018-7510"
},
{
"date": "2018-06-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-345"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-12135"
},
{
"date": "2018-08-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006321"
},
{
"date": "2019-10-09T23:42:21.033000",
"db": "NVD",
"id": "CVE-2018-7510"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-345"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-345"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "BeaconMedaes TotalAlert Scroll Medical Air Systems Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2f5c81f-39ab-11e9-b1a5-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-12135"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-345"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…