Vulnerability CVE-2018-8854


Published: 2018-09-26

Description:
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended.

Type:

CWE-400

(Uncontrolled Resource Consumption ('Resource Exhaustion'))

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial
Affected software
Philips -> E-alert firmware 

 References:
http://www.securityfocus.com/bid/105194
https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01
https://www.usa.philips.com/healthcare/about/customer-support/product-security

Copyright 2024, cxsecurity.com

 

Back to Top