VAR-201901-0848
Vulnerability from variot - Updated: 2023-12-18 12:18Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity. plural Drager The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Dräger Infinity is prone to multiple security vulnerabilities: 1. A denial-of-service vulnerability. 2. An information disclosure vulnerability. 3. A privilege-escalation vulnerability. An attacker can leverage these issues to cause an affected device to reboot; resulting in a denial-of-service condition, gain access to sensitive information or gain elevated privileges to perform unauthorized actions. are all medical monitor equipment of German Drager company. Input validation vulnerabilities exist in several Drger products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0848",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "infinity explorer c700",
"scope": "eq",
"trust": 1.0,
"vendor": "draeger",
"version": "*"
},
{
"model": "delta xl",
"scope": "eq",
"trust": 1.0,
"vendor": "draeger",
"version": "*"
},
{
"model": "infinity delta",
"scope": "eq",
"trust": 1.0,
"vendor": "draeger",
"version": "*"
},
{
"model": "kappa",
"scope": "eq",
"trust": 1.0,
"vendor": "draeger",
"version": "*"
},
{
"model": "infinity delta xl",
"scope": null,
"trust": 0.8,
"vendor": "drager",
"version": null
},
{
"model": "infinity delta",
"scope": null,
"trust": 0.8,
"vendor": "drager",
"version": null
},
{
"model": "infinity explorer c700",
"scope": null,
"trust": 0.8,
"vendor": "drager",
"version": null
},
{
"model": "infinity kappa",
"scope": null,
"trust": 0.8,
"vendor": "drager",
"version": null
},
{
"model": "infinity kappa",
"scope": "eq",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": "0"
},
{
"model": "infinity explorer c700",
"scope": "eq",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": "0"
},
{
"model": "infinity delta xl",
"scope": "eq",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": "0"
},
{
"model": "infinity delta",
"scope": "eq",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": "0"
},
{
"model": "infinity explorer c700 vf10.1",
"scope": "ne",
"trust": 0.3,
"vendor": "dr\u00e4ger",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "106683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"db": "NVD",
"id": "CVE-2018-19010"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:draeger:kappa_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:draeger:kappa:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:draeger:infinity_explorer_c700_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:draeger:infinity_explorer_c700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:draeger:delta_xl_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:draeger:delta_xl:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:draeger:infinity_delta_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:draeger:infinity_delta:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19010"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marc Ruef and Rocco Gagliardi from scip AG.",
"sources": [
{
"db": "BID",
"id": "106683"
}
],
"trust": 0.3
},
"cve": "CVE-2018-19010",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 3.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-19010",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-129627",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-19010",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-19010",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-790",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-129627",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129627"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"db": "NVD",
"id": "CVE-2018-19010"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-790"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. A malformed network packet may cause the monitor to reboot. By repeatedly sending the malformed network packet, an attacker may be able to disrupt patient monitoring by causing the monitor to repeatedly reboot until it falls back to default configuration and loses network connectivity. plural Drager The product contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Dr\u00c3\u00a4ger Infinity is prone to multiple security vulnerabilities:\n1. A denial-of-service vulnerability. \n2. An information disclosure vulnerability. \n3. A privilege-escalation vulnerability. \nAn attacker can leverage these issues to cause an affected device to reboot; resulting in a denial-of-service condition, gain access to sensitive information or gain elevated privileges to perform unauthorized actions. are all medical monitor equipment of German Drager company. Input validation vulnerabilities exist in several Drger products",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-19010"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"db": "BID",
"id": "106683"
},
{
"db": "VULHUB",
"id": "VHN-129627"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-19010",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSMA-19-022-01",
"trust": 2.8
},
{
"db": "BID",
"id": "106683",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014559",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-790",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-129627",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129627"
},
{
"db": "BID",
"id": "106683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"db": "NVD",
"id": "CVE-2018-19010"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-790"
}
]
},
"id": "VAR-201901-0848",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-129627"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:18:16.428000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.draeger.com/en_corp/home"
},
{
"title": "Multiple Drager Fixes for product input validation vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88921"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-790"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129627"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"db": "NVD",
"id": "CVE-2018-19010"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-19-022-01"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/106683"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19010"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19010"
},
{
"trust": 0.3,
"url": "https://www.draeger.com/en_in/home"
},
{
"trust": 0.3,
"url": "https://static.draeger.com/security/download/2019-01-22-draeger-infinity-delta-vf10-1-security-advisory.pdf"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129627"
},
{
"db": "BID",
"id": "106683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"db": "NVD",
"id": "CVE-2018-19010"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-790"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-129627"
},
{
"db": "BID",
"id": "106683"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"db": "NVD",
"id": "CVE-2018-19010"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-790"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-28T00:00:00",
"db": "VULHUB",
"id": "VHN-129627"
},
{
"date": "2019-01-22T00:00:00",
"db": "BID",
"id": "106683"
},
{
"date": "2019-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"date": "2019-01-28T22:29:00.350000",
"db": "NVD",
"id": "CVE-2018-19010"
},
{
"date": "2019-01-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-790"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-129627"
},
{
"date": "2019-01-22T00:00:00",
"db": "BID",
"id": "106683"
},
{
"date": "2019-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014559"
},
{
"date": "2019-10-09T23:37:36.007000",
"db": "NVD",
"id": "CVE-2018-19010"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-790"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-790"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Drager Vulnerability related to input validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014559"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-790"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…