Vulnerability CVE-2018-14789
Published: 2018-08-22

Description:
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges.

Type:

CWE-428

 (Unquoted Search Path or Element)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Phillips -> Intellispace cardiovascular 
Phillips -> Xcelera 

 References:
https://ics-cert.us-cert.gov/advisories/ICSMA-18-226-01
https://www.usa.philips.com/healthcare/about/customer-support/product-security
Copyright 2024, cxsecurity.com

 

Back to Top