CVE-2018-8867

In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
gepacsystems_rx3i_cpe305_firmware
𝑥
≤ 9.20
gepacsystems_rx3i_cpe310_firmware
𝑥
≤ 9.20
gerx3i_cpe330_firmware
𝑥
≤ 9.21
gerx3i_cpe_400_firmware
𝑥
≤ 9.30
gepacsystems_rsti-ep_cpe_100_firmware
-
gepacsystems_cpu320_firmware
-
gepacsystems_cru320_firmware
-
gepacsystems_rxi_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/104241
https://ics-cert.us-cert.gov/advisories/ICSA-18-137-01
http://www.securityfocus.com/bid/104241
https://ics-cert.us-cert.gov/advisories/ICSA-18-137-01