Vulnerability CVE-2018-10597


Published: 2018-06-05

Description:
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet.

Type:

CWE-287

(Improper Authentication)

CVSS2 => (AV:A/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.4/10
6.4/10
5.5/10
Exploit range
Attack complexity
Authentication
Adjacent network
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Philips -> Intellivue patient monitors np90 firmware 
Philips -> Avalon fetal/maternal monitors fm20 firmware 
Philips -> Intellivue patient monitors x2 firmware 
Philips -> Avalon fetal/maternal monitors fm30 firmware 
Philips -> Intellivue patient monitors x3 firmware 
Philips -> Avalon fetal/maternal monitors fm40 firmware 
Philips -> Avalon fetal/maternal monitors fm50 firmware 
Philips -> Intellivue patient monitors mp2 firmware 
Philips -> Intellivue patient monitors mp30 firmware 
Philips -> Intellivue patient monitors mp50 firmware 
Philips -> Intellivue patient monitors mp70 firmware 
Philips -> Intellivue patient monitors mx100 firmware 
Philips -> Intellivue patient monitors mx400 firmware 
Philips -> Intellivue patient monitors mx450 firmware 
Philips -> Intellivue patient monitors mx500 firmware 
Philips -> Intellivue patient monitors mx550 firmware 
Philips -> Intellivue patient monitors mx700 firmware 
Philips -> Intellivue patient monitors mx800 firmware 

 References:
https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01

Copyright 2024, cxsecurity.com

 

Back to Top