CVE-2018-7526

Опубликовано: 24 мая 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In TotalAlert Web Application in BeaconMedaes Scroll Medical Air Systems prior to v4107600010.23, by accessing a specific uniform resource locator (URL) on the webserver, a malicious user may be able to access information in the application without authenticating.

Ссылки

https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01
Mitigation
Third Party Advisory
US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSMA-18-144-01
Mitigation
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:beaconmedaes:scroll_medical_air_systems_firmware:*:*:*:*:*:*:*:*

Версия до 4107600010.23 (исключая)

cpe:2.3:h:beaconmedaes:scroll_medical_air_systems:-:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00216

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-425

Связанные уязвимости

GHSA-hmhr-hg65-m689