Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for Algorithm Suite by Roche Diagnostics
CVE-2024-13026 (GCVE-0-2024-13026)
Vulnerability from cvelistv5 – Published: 2025-01-17 20:02 – Updated: 2025-02-12 20:31 Unsupported When Assigned
VLAI
Title
Inadequate Encryption Strength Vulnerability in Roche Algo Edge
Summary
A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify® Algorithm Suite are not affected.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-326 - Inadequate Encryption Strength
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://diagnostics.roche.com/content/dam/diagnos… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Roche Diagnostics | Algorithm Suite |
Affected:
0 , < 2.1.2
(custom)
|
Date Public
2015-01-16 11:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T21:06:18.338722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:31:25.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Algo Edge"
],
"product": "Algorithm Suite",
"vendor": "Roche Diagnostics",
"versions": [
{
"lessThan": "2.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2015-01-16T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify\u00ae Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify\u00ae Algorithm Suite are not affected.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify\u00ae Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify\u00ae Algorithm Suite are not affected."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NEGLIGIBLE",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:D/RE:L/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T20:02:32.351Z",
"orgId": "5cdcf916-2b10-4ec8-bfc1-d054821e439e",
"shortName": "Roche"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://diagnostics.roche.com/content/dam/diagnostics/Blueprint/en/pdf/Algo%20Edge%20-%20Authentication%20Vulnerability%20-%20Product%20Security%20Advisory.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Inadequate Encryption Strength Vulnerability in Roche Algo Edge",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5cdcf916-2b10-4ec8-bfc1-d054821e439e",
"assignerShortName": "Roche",
"cveId": "CVE-2024-13026",
"datePublished": "2025-01-17T20:02:32.351Z",
"dateReserved": "2024-12-29T06:09:35.237Z",
"dateUpdated": "2025-02-12T20:31:25.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13026 (GCVE-0-2024-13026)
Vulnerability from nvd – Published: 2025-01-17 20:02 – Updated: 2025-02-12 20:31 Unsupported When Assigned
VLAI
Title
Inadequate Encryption Strength Vulnerability in Roche Algo Edge
Summary
A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify® Algorithm Suite are not affected.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-326 - Inadequate Encryption Strength
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://diagnostics.roche.com/content/dam/diagnos… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Roche Diagnostics | Algorithm Suite |
Affected:
0 , < 2.1.2
(custom)
|
Date Public
2015-01-16 11:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T21:06:18.338722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-12T20:31:25.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Algo Edge"
],
"product": "Algorithm Suite",
"vendor": "Roche Diagnostics",
"versions": [
{
"lessThan": "2.1.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"datePublic": "2015-01-16T11:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify\u00ae Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify\u00ae Algorithm Suite are not affected.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify\u00ae Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify\u00ae Algorithm Suite are not affected."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "AUTOMATIC",
"Safety": "NEGLIGIBLE",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/S:N/AU:N/R:A/V:D/RE:L/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-326",
"description": "CWE-326 Inadequate Encryption Strength",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T20:02:32.351Z",
"orgId": "5cdcf916-2b10-4ec8-bfc1-d054821e439e",
"shortName": "Roche"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://diagnostics.roche.com/content/dam/diagnostics/Blueprint/en/pdf/Algo%20Edge%20-%20Authentication%20Vulnerability%20-%20Product%20Security%20Advisory.pdf"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "Inadequate Encryption Strength Vulnerability in Roche Algo Edge",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "5cdcf916-2b10-4ec8-bfc1-d054821e439e",
"assignerShortName": "Roche",
"cveId": "CVE-2024-13026",
"datePublished": "2025-01-17T20:02:32.351Z",
"dateReserved": "2024-12-29T06:09:35.237Z",
"dateUpdated": "2025-02-12T20:31:25.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}