ICSMA-18-310-01 · Published 2018-11-08 · View on CISA ICS-CERT ↗

Roche Diagnostics Point of Care Handheld Medical Devices (Update A)

CVSS 8.3 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to modify system settings or execute arbitrary code.

CVEs (5)

CVE-2018-18561 CVE-2018-18562 CVE-2018-18563 CVE-2018-18564 CVE-2018-18565

Remediations

Roche recommends the following mitigation procedures for connected devices (Ethernet and Wi-Fi):
For non-connected devices:
For all affected products, Roche Diagnostic has scheduled release of new software updates with availability beginning November 2018.
For further information or concerns, please contact a local Roche Diagnostics office at the following location:
https://www.roche.com/about/business/roche_worldwide.htm

Affected Vendors

Roche Diagnostics

Affected Products (8)

Roche Diagnostics · Point of Care handheld medical devices Accu-Chek Inform II

Roche Diagnostics · Point of Care handheld medical devices CoaguChek Pro II

Roche Diagnostics · Point of Care handheld medical devices CoaguChek XS Plus

Roche Diagnostics · Point of Care handheld medical devices CoaguChek XS Pro

Roche Diagnostics · Point of Care handheld medical devices cobas h 232 POC

Roche Diagnostics · Point of Care handheld medical devices base units (BU)|handheld base units (HBU)

Roche Diagnostics · Point of Care handheld medical devices Accu-Chek Inform II Base Unit Light

Roche Diagnostics · Point of Care handheld medical devices Accu-Chek Inform II Base Unit NEW with Software 04.00.00 or newer

Affected Sectors

Healthcare and Public Health

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more