CVE-2018-19014 - OpenCVE

Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:A/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Draeger	Infinity Explorer C700 Infinity Explorer C700 Firmware Infinity Delta Infinity Delta Firmware Kappa Delta Xl Firmware Delta Xl Kappa Firmware

Configuration 1 [-]

AND

cpe:2.3:o:draeger:kappa_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draeger:kappa:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:draeger:infinity_explorer_c700_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draeger:infinity_explorer_c700:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:draeger:delta_xl_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draeger:delta_xl:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:draeger:infinity_delta_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:draeger:infinity_delta:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/106683	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: icscert

Published: 2019-01-22T00:00:00

Updated: 2019-01-29T10:57:01

Reserved: 2018-11-06T00:00:00

Link: CVE-2018-19014

JSON object: View

NVD Information

Status : Modified

Published: 2019-01-28T22:29:00.397

Modified: 2019-10-09T23:37:36.630

Link: CVE-2018-19014

JSON object: View

Redhat Information

No data.

CWE

CWE-532

{"containers": {"cna": {"affected": [{"product": "DrÃ¤ger Infinity Delta", "vendor": "ICS-CERT", "versions": [{"status": "affected", "version": "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."}]}], "datePublic": "2019-01-22T00:00:00", "descriptions": [{"lang": "en", "value": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "INFORMATION EXPOSURE THROUGH LOG FILES CWE-532", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-01-29T10:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"}, {"name": "106683", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106683"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2019-01-22T00:00:00", "ID": "CVE-2018-19014", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "DrÃ¤ger Infinity Delta", "version": {"version_data": [{"version_value": "Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions."}]}}]}, "vendor_name": "ICS-CERT"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "INFORMATION EXPOSURE THROUGH LOG FILES CWE-532"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"}, {"name": "106683", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106683"}]}}}}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-19014", "datePublished": "2019-01-22T00:00:00", "dateReserved": "2018-11-06T00:00:00", "dateUpdated": "2019-01-29T10:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:draeger:kappa_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A7808691-D8D7-4BE0-995C-836980A21683", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:draeger:kappa:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED40C0B7-16B1-40F9-8BB4-A663DD969746", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:draeger:infinity_explorer_c700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACD85169-9127-4017-99BF-A862540358FD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:draeger:infinity_explorer_c700:-:*:*:*:*:*:*:*", "matchCriteriaId": "23628C4D-D7CD-46C1-B3E7-097D68EB689B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:draeger:delta_xl_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D620EF1-5976-4F2D-B56D-ACE14A4A92C9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:draeger:delta_xl:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B3D2079-9DCB-4218-8DF9-E33485D7402A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:draeger:infinity_delta_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AF77F47-64CB-44D6-A715-A88E88F5ED4C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:draeger:infinity_delta:-:*:*:*:*:*:*:*", "matchCriteriaId": "882CC533-800F-4813-A4C2-1F4A72724A57", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Drager Infinity Delta, Infinity Delta, all versions, Delta XL, all versions, Kappa, all version, and Infinity Explorer C700, all versions. Log files are accessible over an unauthenticated network connection. By accessing the log files, an attacker is able to gain insights about internals of the patient monitor, the location of the monitor, and wired network configuration."}, {"lang": "es", "value": "Todas las versiones de los siguientes programas de Drager Infinity Delta: Infinity Delta, Delta XL, Kappa y Infinity Explorer C700. Se puede acceder a los archivos de registro en una conexi\u00f3n de red no autenticada. El acceso a estos archivos permite al atacante conocer los componentes internos del monitor del paciente, la localizaci\u00f3n de dicho monitor y la configuraci\u00f3n de red por cable."}], "id": "CVE-2018-19014", "lastModified": "2019-10-09T23:37:36.630", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-28T22:29:00.397", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/106683"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-19-022-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}