Insecure Permissions in Roche Accu-Chek Inform II and CoaguChek/cobas h232 Handheld Base Units Allow Remote Command Execution

Insecure Permissions in Roche Accu-Chek Inform II and CoaguChek/cobas h232 Handheld Base Units Allow Remote Command Execution

CVE-2018-18561 · HIGH Severity

AV:A/AC:L/AU:S/C:C/I:C/A:C

An issue was discovered in Roche Accu-Chek Inform II Base Unit / Base Unit Hub before 03.01.04 and CoaguChek / cobas h232 Handheld Base Unit before 03.01.04. Insecure permissions in a service interface may allow authenticated attackers in the adjacent network to execute arbitrary commands on the operating system.

Learn more about our Network Penetration Testing.