Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveIcscertCVE-2018-14799
HistoryAug 22, 2018 - 6:29 p.m.

CVE-2018-14799

2018-08-2218:29:00
CWE-119
CWE-20
CWE-134
icscert
web.nvd.nist.gov
29
philips
pagewriter
tc10
tc20
tc30
tc50
tc70
cardiographs
data sanitization
buffer overflow
format string
vulnerabilities
nvd
cve-2018-14799

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

3.7

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

23.4%

JSON

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities.

Affected configurations

Nvd
Node
philipspagewriter_tc70_firmwareMatch-
AND
philipspagewriter_tc70Match-
Node
philipspagewriter_tc50_firmwareMatch-
AND
philipspagewriter_tc50Match-
Node
philipspagewriter_tc30_firmwareMatch-
AND
philipspagewriter_tc30Match-
Node
philipspagewriter_tc20_firmwareMatch-
AND
philipspagewriter_tc20Match-
Node
philipspagewriter_tc10_firmwareMatch-
AND
philipspagewriter_tc10Match-
VendorProductVersionCPE
philipspagewriter_tc70_firmware-cpe:2.3:o:philips:pagewriter_tc70_firmware:-:*:*:*:*:*:*:*
philipspagewriter_tc70-cpe:2.3:h:philips:pagewriter_tc70:-:*:*:*:*:*:*:*
philipspagewriter_tc50_firmware-cpe:2.3:o:philips:pagewriter_tc50_firmware:-:*:*:*:*:*:*:*
philipspagewriter_tc50-cpe:2.3:h:philips:pagewriter_tc50:-:*:*:*:*:*:*:*
philipspagewriter_tc30_firmware-cpe:2.3:o:philips:pagewriter_tc30_firmware:-:*:*:*:*:*:*:*
philipspagewriter_tc30-cpe:2.3:h:philips:pagewriter_tc30:-:*:*:*:*:*:*:*
philipspagewriter_tc20_firmware-cpe:2.3:o:philips:pagewriter_tc20_firmware:-:*:*:*:*:*:*:*
philipspagewriter_tc20-cpe:2.3:h:philips:pagewriter_tc20:-:*:*:*:*:*:*:*
philipspagewriter_tc10_firmware-cpe:2.3:o:philips:pagewriter_tc10_firmware:-:*:*:*:*:*:*:*
philipspagewriter_tc10-cpe:2.3:h:philips:pagewriter_tc10:-:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs",
    "vendor": "Philips",
    "versions": [
      {
        "status": "affected",
        "version": "All versions prior to May 2018."
      }
    ]
  }
]

Related

cvelist 1
prion 1
nvd 1
ics 1
cvelist
cvelist
CVE-2018-14799
2018-08-22 18:00:00
prion
prion
Format string
2018-08-22 18:29:00
nvd
nvd
CVE-2018-14799
2018-08-22 18:29:00
ics
ics
Philips PageWriter TC10, TC20, TC30, TC50, and TC70 Cardiographs (Update A)
2020-06-09 12:00:00

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

3.7

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

AI Score

4.6

Confidence

High

EPSS

0.001

Percentile

23.4%

JSON
Related for CVE-2018-14799
cvelist1prion1nvd1ics1