CVE-2018-7518

Опубликовано: 24 мая 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 5

EPSS Низкий

Описание

In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, an attacker with network access to the integrated web server could retrieve default or user defined credentials stored and transmitted in an insecure manner.

Ссылки

https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01
Mitigation
Third Party Advisory
US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:beaconmedaes:scroll_medical_air_systems_firmware:*:*:*:*:*:*:*:*

Версия до 4107600010.23 (исключая)

cpe:2.3:h:beaconmedaes:scroll_medical_air_systems:-:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00236

Низкий

9.8 Critical

CVSS3

5 Medium

CVSS2

Дефекты

CWE-522

Связанные уязвимости

GHSA-g3g6-pxw3-m2vj