Lucene search

IcscertCVE-2018-8861

HistoryMay 04, 2018 - 5:29 p.m.

CVE-2018-8861

2018-05-0417:29:00

CWE-668

icscert

web.nvd.nist.gov

cve-2018-8861

vulnerability

philips brilliance ct

kiosk

unauthorized access

privilege escalation

windows os

nvd

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:C/I:C/A:P

CVSS3

8.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

23.4%

JSON

Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) could enable a limited-access kiosk user or an unauthorized attacker to break-out from the containment of the kiosk environment, attain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system.

Affected configurations

Nvd

Node

philipsbrilliance_firmware_64Range≤2.6.2

AND

philipsbrilliance_64Match-

Node

philipsbrilliance_ict_sp_firmwareRange≤3.2.4

AND

philipsbrilliance_ict_spMatch-

Node

philipsbrilliance_ict_firmwareRange≤4.1.6

AND

philipsbrilliance_ictMatch-

Node

philips_brilliance_ct_big_bore_firmwareRange≤2.3.5

AND

philips_brilliance_ct_big_boreMatch-

VendorProductVersionCPE
philipsbrilliance_firmware_64*cpe:2.3:o:philips:brilliance_firmware_64:*:*:*:*:*:*:*:*
philipsbrilliance_64-cpe:2.3:h:philips:brilliance_64:-:*:*:*:*:*:*:*
philipsbrilliance_ict_sp_firmware*cpe:2.3:o:philips:brilliance_ict_sp_firmware:*:*:*:*:*:*:*:*
philipsbrilliance_ict_sp-cpe:2.3:h:philips:brilliance_ict_sp:-:*:*:*:*:*:*:*
philipsbrilliance_ict_firmware*cpe:2.3:o:philips:brilliance_ict_firmware:*:*:*:*:*:*:*:*
philipsbrilliance_ict-cpe:2.3:h:philips:brilliance_ict:-:*:*:*:*:*:*:*
philips_brilliance_ct_big_bore_firmware*cpe:2.3:o:philips:_brilliance_ct_big_bore_firmware:*:*:*:*:*:*:*:*
philips_brilliance_ct_big_bore-cpe:2.3:h:philips:_brilliance_ct_big_bore:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
philips	brilliance_firmware_64	*	cpe:2.3:o:philips:brilliance_firmware_64::::::::
philips	brilliance_64	-	cpe:2.3:h:philips:brilliance_64:-:::::::*
philips	brilliance_ict_sp_firmware	*	cpe:2.3:o:philips:brilliance_ict_sp_firmware::::::::
philips	brilliance_ict_sp	-	cpe:2.3:h:philips:brilliance_ict_sp:-:::::::*
philips	brilliance_ict_firmware	*	cpe:2.3:o:philips:brilliance_ict_firmware::::::::
philips	brilliance_ict	-	cpe:2.3:h:philips:brilliance_ict:-:::::::*
philips	_brilliance_ct_big_bore_firmware	*	cpe:2.3:o:philips:_brilliance_ct_big_bore_firmware::::::::
philips	_brilliance_ct_big_bore	-	cpe:2.3:h:philips:_brilliance_ct_big_bore:-:::::::*

CNA Affected

[
  {
    "product": "Brilliance CT Scanners",
    "vendor": "Philips",
    "versions": [
      {
        "status": "affected",
        "version": "Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior."
      }
    ]
  }
]

References

www.securityfocus.com/bid/104088

ics-cert.us-cert.gov/advisories/ICSMA-18-123-01

www.usa.philips.com/healthcare/about/customer-support/product-security

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:C/I:C/A:P

CVSS3

8.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

AI Score

8.4

Confidence

High

EPSS

0.001

Percentile

23.4%

JSON

Related for CVE-2018-8861