Vulnerability Details CVE-2018-18630
A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.2%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- https://www.hipaajournal.com/code-execution-vulnerability-identified-in-change-healthcare-cardiology-devices/
- https://www.us-cert.gov/ics/advisories/icsma-19-241-01
- https://www.hipaajournal.com/code-execution-vulnerability-identified-in-change-healthcare-cardiology-devices/
- https://www.us-cert.gov/ics/advisories/icsma-19-241-01
Products affected by CVE-2018-18630
-
cpe:2.3:h:changehealthcare:cardiology:-
-
cpe:2.3:h:mckesson:cardiology:-
-
cpe:2.3:h:mckesson:horizon_cardiology:-
-
cpe:2.3:o:changehealthcare:cardiology_firmware:14.1.0
-
cpe:2.3:o:mckesson:cardiology_firmware:13.0
-
cpe:2.3:o:mckesson:cardiology_firmware:14.0
-
cpe:2.3:o:mckesson:horizon_cardiology_firmware:11.0
-
cpe:2.3:o:mckesson:horizon_cardiology_firmware:12.0
-
cpe:2.3:o:mckesson:horizon_cardiology_firmware:12.1
-
cpe:2.3:o:mckesson:horizon_cardiology_firmware:12.2