- Fukushima Report: Robot Lifts Melted Fuel
- TÜV, Nozomi Ink Partnership Pact
- Pangea Patches Bypass Vulnerability
- Fuji Fixes FRENIC Devices
- ARC: Safety and Profitability Work Together
- Public Needs to Know About Chem Releases: Judge
- Robot Testing Radioactive Fuel at Fukushima
- Siemens Fixes CP1604, CP1616 Holes
- Siemens has Upgrade for Intel AMT
- Siemens Fixes Hole in SIMATIC S7-300 CPU
- Siemens has Licensing Software Fix for SICAM 230
- Siemens Fixes Ethernet Communication Module, Relays
- OSIsoft has Update for PI Vision Hole
- First Responders Test Technology
- Manufacturing Targeted in Hack Attack
- Siemens Fixes SICAM A8000 RTU Series Hole
Chemical Safety Incidents
Change Healthcare Fixes Vulnerability
Monday, October 8, 2018 @ 10:10 AM gHale
Change Healthcare has a patch to mitigate an information exposure through an error message vulnerability in its PeerVue Web Server, according to a report with NCCIC.
Successful exploitation of this vulnerability, discovered by Dan Regalado of Zingbox, could allow an attacker to obtain technical information about the PeerVue Web Server, allowing an attacker to target a system for attack.
RELATED STORIES
Carestream Remediates Vue RIS Hole
Delta Electronics Fixes ISPSoft Hole
GE Fills Hole in Communicator
Delta Electronics Update for PMSoft
PeerVue Web Server all versions up to 7.6.2 suffer from vulnerability that is exploitable on an adjacent network.
This vulnerability results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.
CVE-2018-10624 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.3.
The product sees use in the healthcare and public health sectors. It also sees action on a global basis.
No known public exploits specifically target this vulnerability, but information regarding this vulnerability has been publicly disclosed. An attacker with low skill level could leverage the vulnerability.
Change Healthcare released a patch to remediate the reported vulnerability. Users should contact the Change Healthcare Support team for information regarding the patch.
Leave a Reply
You must be logged in to post a comment.