CVE-2018-4845
First published: Tue Jun 26 2018(Updated: )
A vulnerability has been identified in RAPIDLab 1200 systems / RAPIDPoint 400 systems / RAPIDPoint 500 systems (All versions_without_ use of Siemens Healthineers Informatics products), RAPIDLab 1200 Series (All versions < V3.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions >= V3.0 _with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (V2.4.X_with_ Siemens Healthineers Informatics products), RAPIDPoint 500 systems (All versions =< V2.3 _with_ Siemens Healthineers Informatics products), RAPIDPoint 400 systems (All versions _with_ Siemens Healthineers Informatics products). Remote attackers with either local or remote credentialed access to the "Remote View" feature might be able to elevate their privileges, compromising confidentiality, integrity, and availability of the system. No special skills or user interaction are required to perform this attack. At the time of advisory publication, no public exploitation of this security vulnerability is known. Siemens Healthineers confirms the security vulnerability and provides mitigations to resolve the security issue.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens Rapidpoint 400 Firmware | ||
| Siemens Rapidpoint 400 | ||
| Siemens Rapidpoint 500 Firmware | <=2.3 | |
| Siemens Rapidpoint 500 Firmware | >=3.0 | |
| Siemens Rapidpoint 500 | ||
| Siemens Rapidlab 1200 Firmware | <3.3 | |
| Siemens Rapidlab 1200 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-4845?
The severity of CVE-2018-4845 is classified as high due to the potential for unauthorized access to sensitive systems.
How do I fix CVE-2018-4845?
To fix CVE-2018-4845, users should update to the latest firmware versions for affected Siemens RapidPoint and RAPIDLab systems.
Which systems are affected by CVE-2018-4845?
CVE-2018-4845 affects Siemens RAPIDLab 1200, RAPIDPoint 400, and RAPIDPoint 500 systems with specific firmware version criteria.
What are the consequences of not addressing CVE-2018-4845?
Failure to address CVE-2018-4845 could result in unauthorized access and manipulation of critical medical data.
Is there a patch available for CVE-2018-4845?
Yes, patches are available through Siemens for the impacted versions of the RAPIDLab and RAPIDPoint systems.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/author
- agent/references
- agent/severity
- agent/tags
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- vendor/siemens
- canonical/siemens rapidpoint 400 firmware
- canonical/siemens rapidpoint 400
- canonical/siemens rapidpoint 500 firmware
- version/siemens rapidpoint 500 firmware/2.3
- version/siemens rapidpoint 500 firmware/3.0
- canonical/siemens rapidpoint 500
- canonical/siemens rapidlab 1200 firmware
- canonical/siemens rapidlab 1200