医疗器械网络安全漏洞自评报告.doc(43页)

  • 医疗器械网络安全漏洞自评报告.doc(43页)

    目录
    医疗器械网络安全漏洞自评报告1
    1.目的3
    2.引用文件3
    3. CVSS 漏洞等级3
    4.漏洞扫描报告12
    5.漏洞总数和剩余漏洞数12
    6.竞争条件(CWE-362: Race Condition)18
    7.输入验证(CWE-20: Improper Input Validation)19
    8.缓冲区错误(CWE-119: Buffer Errors)20
    9.格式化字符串(CWE-134: Format String Vulnerability)22
    10.跨站脚本(CWE-79: Cross-site Scripting)23
    12.后置链接(CWE-59: Link Following)25
    13.注入(CWE-74: Injection)26
    14.代码注入(CWE-94: Code Injection)27
    15.命令注入(CWE-77: Command Injection)29
    16. SQL 注入(CWE-89: SQL Injection)30
    17.操作系统命令注入(CWE-78: OS Command Injection)31
    18.安全特征问题(CWE-254: Security Features)32
    19.授权问题(CWE-287: Improper Authentication)33
    20.信任管理(CWE-255: Credentials Management)34
    21.加密问题(CWE-310: Cryptographic Issues)35
    21.1描述35
    22.未充分验证数据可靠性(CWE-345: Insufficient Verification of Data Authenticity)36
    23.跨站请求伪造(CWE-352: Cross-Site Request Forgery)37
    24.权限许可和访问控制(CWE-264: Permissions, Privileges, and Access Controls)38
    25.访问控制错误(CWE-284: Improper Access Control)39
    26.资料不足40
    重要漏洞实例42
    漏洞简述42
    结论43
    6.剩余漏洞的维护方案43
    网络设备安全建议:43
    总结43

     

  • 267.97KB
  • 法规标准
  • 2025-06-12
  • 医疗器械