CVE-2018-4846

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.3%

top 48.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Rapidlab 1200 Firmware Siemens Rapidpoint 500 Firmware Siemens AG Rapidlab 1200 Systems Rapidpoint 400 Systems Rapidpoint 500 Systems Rapidlab 1200 Series Rapidpoint 500 Systems Rapidpoint 500 Systems Rapidpoint 500 Systems Rapidpoint 400 Systems

Timeline

PublishedJun 26

Latest updateMay 13

Description

A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions = V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ S…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5siemens_ag/rapidlab_1200_systems_rapidpoint_400_systems_rapidpoint_500_systems_rapidlab_1200_series_rapidpoint_500_systems_rapidpoint_500_systems_rapidpoint_500_systems_rapidpoint_400_systemsRAPIDLab 1200 systems RAPIDPoint 400 systems / RAPIDPoint 500 systems All versions _without_ use of Siemens Healthineers Informatics products RAPIDLab 1200 Series All versions < V3.3 _with_Siemens Healthineers Informatics products RAPIDPoint 500 systems All versions >= V3.0 _with_ Siemens Healthineers Informatics products RAPIDPoint 500 systems V2.4.X _with_ Siemens Healthineers Informatics products RAPIDPoint 500 systems All versions =< V2.3 _with_ Siemens Healthineers Informatics products RAPIDPoint 400 systems All versions_with_ Siemens Healthineers Informatics products

▶NVDsiemens/rapidpoint_500_firmware2.3+1

▶NVDsiemens/rapidlab_1200_firmware< 3.3

🔴Vulnerability Details

GHSA

GHSA-vcx8-x3m9-gr6g: A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens H↗2022-05-13

▶

CVEList

CVE-2018-4846: A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens H↗2018-06-26

▶

External resources

NVD MITRE

Affected products3

Siemens AG Rapidlab 1200 Systems Rapidpoint 400 Systems Rapidpoint 500 Systems Rapidlab 1200 Series Rapidpoint 500 Systems Rapidpoint 500 Systems Rapidpoint 500 Systems Rapidpoint 400 SystemsvRAPIDLab 1200 systems RAPIDPoint 400 systems / RAPIDPoint 500 systems All versions _without_ use of Siemens Healthineers Informatics products RAPIDLab 1200 Series All versions < V3.3 _with_Siemens Healthineers Informatics products RAPIDPoint 500 systems All versions >= V3.0 _with_ Siemens Healthineers Informatics products RAPIDPoint 500 systems V2.4.X _with_ Siemens Healthineers Informatics products RAPIDPoint 500 systems All versions =< V2.3 _with_ Siemens Healthineers Informatics products RAPIDPoint 400 systems All versions_with_ Siemens Healthineers Informatics products

Siemens Rapidlab 1200 Firmwarefixed in 3.3

Siemens Rapidpoint 500 Firmware≤ 2.3≥ 3.0

Disclosure

PublishedJun 26, 2018

Latest updateMay 13, 2022