Lucene search

[email protected]NVD:CVE-2018-14799

HistoryAug 22, 2018 - 6:29 p.m.

CVE-2018-14799

2018-08-2218:29:00

CWE-20

CWE-119

CWE-134

[email protected]

web.nvd.nist.gov

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

3.7

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

23.4%

JSON

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities.

Affected configurations

Nvd

Node

philipspagewriter_tc70_firmwareMatch-

AND

philipspagewriter_tc70Match-

Node

philipspagewriter_tc50_firmwareMatch-

AND

philipspagewriter_tc50Match-

Node

philipspagewriter_tc30_firmwareMatch-

AND

philipspagewriter_tc30Match-

Node

philipspagewriter_tc20_firmwareMatch-

AND

philipspagewriter_tc20Match-

Node

philipspagewriter_tc10_firmwareMatch-

AND

philipspagewriter_tc10Match-

VendorProductVersionCPE
philipspagewriter_tc70_firmware-cpe:2.3:o:philips:pagewriter_tc70_firmware:-:*:*:*:*:*:*:*
philipspagewriter_tc70-cpe:2.3:h:philips:pagewriter_tc70:-:*:*:*:*:*:*:*
philipspagewriter_tc50_firmware-cpe:2.3:o:philips:pagewriter_tc50_firmware:-:*:*:*:*:*:*:*
philipspagewriter_tc50-cpe:2.3:h:philips:pagewriter_tc50:-:*:*:*:*:*:*:*
philipspagewriter_tc30_firmware-cpe:2.3:o:philips:pagewriter_tc30_firmware:-:*:*:*:*:*:*:*
philipspagewriter_tc30-cpe:2.3:h:philips:pagewriter_tc30:-:*:*:*:*:*:*:*
philipspagewriter_tc20_firmware-cpe:2.3:o:philips:pagewriter_tc20_firmware:-:*:*:*:*:*:*:*
philipspagewriter_tc20-cpe:2.3:h:philips:pagewriter_tc20:-:*:*:*:*:*:*:*
philipspagewriter_tc10_firmware-cpe:2.3:o:philips:pagewriter_tc10_firmware:-:*:*:*:*:*:*:*
philipspagewriter_tc10-cpe:2.3:h:philips:pagewriter_tc10:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
philips	pagewriter_tc70_firmware	-	cpe:2.3:o:philips:pagewriter_tc70_firmware:-:::::::*
philips	pagewriter_tc70	-	cpe:2.3:h:philips:pagewriter_tc70:-:::::::*
philips	pagewriter_tc50_firmware	-	cpe:2.3:o:philips:pagewriter_tc50_firmware:-:::::::*
philips	pagewriter_tc50	-	cpe:2.3:h:philips:pagewriter_tc50:-:::::::*
philips	pagewriter_tc30_firmware	-	cpe:2.3:o:philips:pagewriter_tc30_firmware:-:::::::*
philips	pagewriter_tc30	-	cpe:2.3:h:philips:pagewriter_tc30:-:::::::*
philips	pagewriter_tc20_firmware	-	cpe:2.3:o:philips:pagewriter_tc20_firmware:-:::::::*
philips	pagewriter_tc20	-	cpe:2.3:h:philips:pagewriter_tc20:-:::::::*
philips	pagewriter_tc10_firmware	-	cpe:2.3:o:philips:pagewriter_tc10_firmware:-:::::::*
philips	pagewriter_tc10	-	cpe:2.3:h:philips:pagewriter_tc10:-:::::::*

References

www.securityfocus.com/bid/105103

ics-cert.us-cert.gov/advisories/ICSMA-18-228-01

www.usa.philips.com/healthcare/about/customer-support/product-security

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

3.7

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

23.4%

JSON

Related for NVD:CVE-2018-14799

cvelist1 prion1 cve1 ics1