IcscertCVE-2018-8857CVE-2018-8857
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
21.1%
Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. An attacker could compromise these credentials and gain access to the system.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| philips | brilliance_firmware_64 | * | cpe:2.3:o:philips:brilliance_firmware_64:*:*:*:*:*:*:*:* |
| philips | brilliance_64 | - | cpe:2.3:h:philips:brilliance_64:-:*:*:*:*:*:*:* |
| philips | brilliance_ict_sp_firmware | * | cpe:2.3:o:philips:brilliance_ict_sp_firmware:*:*:*:*:*:*:*:* |
| philips | brilliance_ict_sp | - | cpe:2.3:h:philips:brilliance_ict_sp:-:*:*:*:*:*:*:* |
| philips | brilliance_ict_firmware | * | cpe:2.3:o:philips:brilliance_ict_firmware:*:*:*:*:*:*:*:* |
| philips | brilliance_ict | - | cpe:2.3:h:philips:brilliance_ict:-:*:*:*:*:*:*:* |
| philips | _brilliance_ct_big_bore_firmware | * | cpe:2.3:o:philips:_brilliance_ct_big_bore_firmware:*:*:*:*:*:*:*:* |
| philips | _brilliance_ct_big_bore | - | cpe:2.3:h:philips:_brilliance_ct_big_bore:-:*:*:*:*:*:*:* |
CNA Affected
[
{
"product": "Brilliance CT Scanners",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior."
}
]
}
]Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
21.1%