CVE-2018-8867

moderate-risk

Published 2018-05-18

In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 version 9.21 and prior, RX3i CPE 400 version 9.30 and prior, PACSystems RSTi-EP CPE 100 all versions, and PACSystems CPU320/CRU320 RXi all versions, the device does not properly validate input, which could allow a remote attacker to send specially crafted packets causing the device to become unavailable.

Do I need to act?

2.8% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (8)

Pacsystems Rx3I Cpe305 Firmware

Pacsystems Rx3I Cpe310 Firmware

Rx3I Cpe330 Firmware

Rx3I Cpe 400 Firmware

Pacsystems Rsti-Ep Cpe 100 Firmware

Pacsystems Cpu320 Firmware

Pacsystems Cru320 Firmware

Pacsystems Rxi Firmware

Affected Vendors

References (4)

Third Party Advisory http://www.securityfocus.com/bid/104241

Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-18-137-01

Third Party Advisory http://www.securityfocus.com/bid/104241

Mitigation https://ics-cert.us-cert.gov/advisories/ICSA-18-137-01

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 6/34 · Minimal

Exposure 14/34 · Moderate