CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-13026: Inadequate Encryption Strength Vulnerability in Roche Algo Edge

6.1 CVSS

Description

A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify® Algorithm Suite are not affected.

Classification

CVE ID: CVE-2024-13026

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.1

Affected Products

Vendor: Roche Diagnostics

Product: Algorithm Suite

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.66% (scored less or equal to compared to others)

EPSS Date: 2025-02-15 (when was this score calculated)

References

https://diagnostics.roche.com/content/dam/diagnostics/Blueprint/en/pdf/Algo%20Edge%20-%20Authentication%20Vulnerability%20-%20Product%20Security%20Advisory.pdf

Timeline

2025-01-18 00:30:17 UTC
CVE

Inadequate Encryption Strength Vulnerability in Roche Algo Edge