CVE-2018-18630
HIGHMckesson Horizon Cardiology Firmware - Incorrect Permission Assignment
Title source: ruleDescription
A vulnerability was found in McKesson Cardiology product 13.x and 14.x. Insecure file permissions in the default installation may allow an attacker with local system access to execute unauthorized arbitrary code.
References (2)
Core 2
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsma-19-241-01
Third Party Advisory x_refsource_misc
https://www.hipaajournal.com/code-execution-vulnerability-identified-in-change-healthcare-cardiology-devices/
Scores
CVSS v3
7.8
EPSS
0.0004
EPSS Percentile
12.0%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (5)
changehealthcare/cardiology_firmware
14.1.0
mckesson/cardiology_firmware
13.0
mckesson/cardiology_firmware
14.0
mckesson/horizon_cardiology_firmware
11.0
mckesson/horizon_cardiology_firmware
12.0 - 12.2
Published
Sep 06, 2019
Tracked Since
Feb 18, 2026