Design/Logic Flaw

An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute arbitrary commands on the...

CVE-2018-18561

An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute arbitrary commands on the...

CVE-2018-18562

An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Weak access credentials may enable attackers in the adjacent network to gain unauthorized service access via a service interface...

Roche Accu-Chek Inform II Base Unit/Base Unit Hub and CoaguChek/cobas h232 Handheld Base Unit Command Execution Vulnerabilities

The Roche Accu-Chek Inform II Base Unit/Base Unit Hub and the CoaguChek/cobas h232 Handheld Base Unit are handheld blood testing medical devices from Roche, Switzerland. A security vulnerability exists in the Roche Accu-Chek Inform II Base Unit/Base Unit Hub prior to version 03.01.04 and the...

Roche Accu-Chek Inform II Base Unit/Base Unit Hub and CoaguChek/cobas h232 Handheld Base Unit License Issue Vulnerability

The Roche Accu-Chek Inform II Base Unit/Base Unit Hub and the CoaguChek/cobas h232 Handheld Base Unit are handheld blood testing medical devices from Roche, Switzerland. An authorization issue vulnerability exists in the Roche Accu-Chek Inform II Base Unit/Base Unit Hub versions prior to 03.01.04...

CVE-2017-9377

A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device...

Command injection

A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device...

CVE-2017-9377

Barco ClickShare Base Unit devices (CSM-1 firmware before 1.7.0.3; CSC-1 firmware before 1.10.0.10) are affected by CVE-2017-9377. A command injection vulnerability exists that an attacker with access to the product’s web API can exploit to completely compromise the affected device. The available...

Cross site scripting

Cross-site scripting XSS vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML v...