{"containers": {"cna": {"affected": [{"product": "GE PACSystems RX3i CPE305/310 version 9.20 and prior RX3i CPE330 version 9.21 and prior RX3i CPE 400 version 9.30 and prior PACSystems RSTi-EP CPE 100 all versionsPACSystems CPU320/CRU320 RXi all versions", "vendor": "ICS-CERT", "versions": [{"status": "affected", "version": "GE PACSystems RX3i CPE305/310 version 9.20 and prior RX3i CPE330 version 9.21 and prior RX3i CPE 400 version 9.30 and prior PACSystems RSTi-EP CPE 100 all versionsPACSystems CPU320/CRU320 RXi all versions"}]}], "datePublic": "2018-05-17T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "IMPROPER INPUT VALIDATION CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-05-24T09:57:01.000Z", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"name": "104241", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104241"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2018-05-17T00:00:00", "ID": "CVE-2018-8867", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "GE PACSystems RX3i CPE305/310 version 9.20 and prior RX3i CPE330 version 9.21 and prior RX3i CPE 400 version 9.30 and prior PACSystems RSTi-EP CPE 100 all versionsPACSystems CPU320/CRU320 RXi all versions", "version": {"version_data": [{"version_value": "GE PACSystems RX3i CPE305/310 version 9.20 and prior RX3i CPE330 version 9.21 and prior RX3i CPE 400 version 9.30 and prior PACSystems RSTi-EP CPE 100 all versionsPACSystems CPU320/CRU320 RXi all versions"}]}}]}, "vendor_name": "ICS-CERT"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "IMPROPER INPUT VALIDATION CWE-20"}]}]}, "references": {"reference_data": [{"name": "104241", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104241"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:10:46.575Z"}, "title": "CVE Program Container", "references": [{"name": "104241", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104241"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2018-8867", "datePublished": "2018-05-18T20:00:00.000Z", "dateReserved": "2018-03-20T00:00:00.000Z", "dateUpdated": "2024-09-16T18:43:49.739Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:pacsystems_rx3i_cpe305_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEC913F0-A45D-43F8-8E52-2A2C8D1F9DA7", "versionEndIncluding": "9.20", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:pacsystems_rx3i_cpe305:-:*:*:*:*:*:*:*", "matchCriteriaId": "7E05E2BD-429B-48B3-8BC5-BDC04F686FC1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:pacsystems_rx3i_cpe310_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B0A7230-134E-4BD4-A6E1-B5565958612E", "versionEndIncluding": "9.20", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:pacsystems_rx3i_cpe310:-:*:*:*:*:*:*:*", "matchCriteriaId": "2833DB18-A300-498F-BF61-798032151A6B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:rx3i_cpe330_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AAC6F7D6-F549-4BE6-9319-EC94DBBCCF66", "versionEndIncluding": "9.21", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:rx3i_cpe330:-:*:*:*:*:*:*:*", "matchCriteriaId": "54AF09DD-A113-4849-A7AF-5DBCC1060786", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:rx3i_cpe_400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "75D397D3-5CBD-4917-8FFE-D113BD23546F", "versionEndIncluding": "9.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:rx3i_cpe_400:-:*:*:*:*:*:*:*", "matchCriteriaId": "85B5DF14-24A1-4853-9061-7BAC2A4D6EAD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:pacsystems_rsti-ep_cpe_100_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2DE130F6-ECCF-46FE-8C5C-1ED63A3388E2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:pacsystems_rsti-ep_cpe_100:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A0C1686-CCEC-48EE-A2C1-F20C812CE709", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:pacsystems_cpu320_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F9ACC02D-C9E9-4A64-880B-BE2773AF096C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:pacsystems_cpu320:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF3AE4A6-6097-4401-8BEA-F19E07749084", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:pacsystems_cru320_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "07F8DA32-1C9C-49B7-91CB-54D9AA9A8FC7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:pacsystems_cru320:-:*:*:*:*:*:*:*", "matchCriteriaId": "46995B50-BD8C-4B27-BE4D-25FDD1699E82", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:ge:pacsystems_rxi_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "82C67446-CA89-44FE-9032-D8C23FD2A934", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:ge:pacsystems_rxi:-:*:*:*:*:*:*:*", "matchCriteriaId": "67D9CF9D-9D56-4452-8C7A-8AECF621DA40", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable."}, {"lang": "es", "value": "En GE PACSystems RX3i CPE305/310, en versiones 9.20 y anteriores; RX3i CPE330, en versiones 9.21 y anteriores; RX3i CPE 400, en versiones 9.30 y anteriores; PACSystems RSTi-EP CPE 100, en todas las versiones; y PACSystems CPU320/CRU320 RXi, en todas las versiones, el dispositivo no valida correctamente las entradas, lo que podr\u00eda permitir que un atacante remoto env\u00ede paquetes especialmente manipulados que causen que el dispositivo deje de estar disponible."}], "id": "CVE-2018-8867", "lastModified": "2024-11-21T04:14:29.243", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-05-18T20:29:00.323", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104241"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104241"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}