Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2018-8867
HistoryMay 18, 2018 - 8:29 p.m.

CVE-2018-8867

2018-05-1820:29:00
CWE-20
[email protected]
web.nvd.nist.gov
31
cve-2018-8867
ge
pacsystems
rx3i
cpe305
cpe310
cpe330
cpe400
rsti-ep
nvd
vulnerability
remote attack
validation
input
security

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.6%

JSON

In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.

Affected configurations

NVD
Node
gepacsystems_rx3i_cpe305_firmwareRange9.20
AND
gepacsystems_rx3i_cpe305Match-
Node
gepacsystems_rx3i_cpe310_firmwareRange9.20
AND
gepacsystems_rx3i_cpe310Match-
Node
gerx3i_cpe330_firmwareRange9.21
AND
gerx3i_cpe330Match-
Node
gerx3i_cpe_400_firmwareRange9.30
AND
gerx3i_cpe_400Match-
Node
gepacsystems_rsti-ep_cpe_100_firmwareMatch-
AND
gepacsystems_rsti-ep_cpe_100Match-
Node
gepacsystems_cpu320_firmwareMatch-
AND
gepacsystems_cpu320Match-
Node
gepacsystems_cru320_firmwareMatch-
AND
gepacsystems_cru320Match-
Node
gepacsystems_rxi_firmwareMatch-
AND
gepacsystems_rxiMatch-

CNA Affected

[
  {
    "product": "GE PACSystems RX3i CPE305/310 version 9.20 and prior RX3i CPE330 version 9.21 and prior RX3i CPE 400 version 9.30 and prior PACSystems RSTi-EP CPE 100 all versionsPACSystems CPU320/CRU320 RXi all versions",
    "vendor": "ICS-CERT",
    "versions": [
      {
        "status": "affected",
        "version": "GE PACSystems RX3i CPE305/310 version 9.20 and prior RX3i CPE330 version 9.21 and prior RX3i CPE 400 version 9.30 and prior PACSystems RSTi-EP CPE 100 all versionsPACSystems CPU320/CRU320 RXi all versions"
      }
    ]
  }
]

Related

cvelist 1
prion 1
ics 1
nessus 2
nvd 1
cvelist
cvelist
CVE-2018-8867
2018-05-17 00:00:00
prion
prion
Input validation
2018-05-18 20:29:00
ics
ics
GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi
2018-05-21 12:00:00
nessus
nessus
GE PACSystems CPE305/310, CPE330, CPE400, RSTi-EP CPE 100, CPU320/CRU320, RXi Improper Input Validation (CVE-2018-8867)
2022-02-07 00:00:00
Ge Pacsystems Improper Input Validation
2019-11-08 00:00:00
nvd
nvd
CVE-2018-8867
2018-05-18 20:29:00

7.8 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.6%

JSON
Related for CVE-2018-8867
cvelist1prion1ics1nessus2nvd1