All the vulnerabilites related to Philips - IntelliVue X3
var-202009-0595
Vulnerability from variot
In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate. A vulnerability exists in Patient Information. The vulnerability stems from special elements that may be interpreted as commands when spreadsheet software opens the file. The following products and versions are affected: B.02, C.02, C.03
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0595",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "performancebridge focal point",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "a.01"
},
{
"model": "patient information center ix",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "c.03"
},
{
"model": "intellivue mx550",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx100",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp2-mp90",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx750",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx600",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx400",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue x2",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx700",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue x3",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx850",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx800",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "patient information center ix",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "b.02"
},
{
"model": "patient information center ix",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "c.02"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16228"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:performancebridge_focal_point:a.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:patient_information_center_ix:b.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:patient_information_center_ix:c.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:patient_information_center_ix:c.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp2-mp90_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp2-mp90:n:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp2-mp90_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp2-mp90:n:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx850_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx850:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx850_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx850:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_x2:n:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_x2:n:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_x3:n:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_x3:n:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx750_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx750_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx600_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx600_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16228"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "in the context of the BSI project ManiMed (Manipulation of medical devices), Germany,Julian Suleder, and Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Dr. Oliver Matula of ERNW Enno, which reported these to Philips., Nils Emmerich, Birk Kauer of ERNW Research GmbH",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-677"
}
],
"trust": 0.6
},
"cve": "CVE-2020-16228",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CVE-2020-16228",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.1,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "VHN-169285",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"id": "CVE-2020-16228",
"impactScore": 5.5,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-16228",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-677",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-169285",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-16228",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169285"
},
{
"db": "VULMON",
"id": "CVE-2020-16228"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-677"
},
{
"db": "NVD",
"id": "CVE-2020-16228"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Patient Information Center iX (PICiX) Versions C.02 and C.03, \nPerformanceBridge Focal Point Version A.01, IntelliVue patient monitors \nMX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and \nprior, the software does not check or incorrectly checks the revocation \nstatus of a certificate, which may cause it to use a compromised \ncertificate. A vulnerability exists in Patient Information. The vulnerability stems from special elements that may be interpreted as commands when spreadsheet software opens the file. The following products and versions are affected: B.02, C.02, C.03",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16228"
},
{
"db": "VULHUB",
"id": "VHN-169285"
},
{
"db": "VULMON",
"id": "CVE-2020-16228"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-16228",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSMA-20-254-01",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-202009-677",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3140",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-169285",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-16228",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169285"
},
{
"db": "VULMON",
"id": "CVE-2020-16228"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-677"
},
{
"db": "NVD",
"id": "CVE-2020-16228"
}
]
},
"id": "VAR-202009-0595",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-169285"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-13T22:23:18.330000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patient Information Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=128120"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-677"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-299",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169285"
},
{
"db": "NVD",
"id": "CVE-2020-16228"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
},
{
"trust": 1.0,
"url": "https://www.philips.com/productsecurity"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3140/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16228"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/299.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169285"
},
{
"db": "VULMON",
"id": "CVE-2020-16228"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-677"
},
{
"db": "NVD",
"id": "CVE-2020-16228"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-169285"
},
{
"db": "VULMON",
"id": "CVE-2020-16228"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-677"
},
{
"db": "NVD",
"id": "CVE-2020-16228"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-169285"
},
{
"date": "2020-09-11T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16228"
},
{
"date": "2020-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-677"
},
{
"date": "2020-09-11T13:15:00",
"db": "NVD",
"id": "CVE-2020-16228"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-169285"
},
{
"date": "2020-09-15T00:00:00",
"db": "VULMON",
"id": "CVE-2020-16228"
},
{
"date": "2021-09-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-677"
},
{
"date": "2023-12-12T21:15:00",
"db": "NVD",
"id": "CVE-2020-16228"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-677"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Patient Information Security hole",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-677"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-677"
}
],
"trust": 0.6
}
}
var-202009-0604
Vulnerability from variot
In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart. A vulnerability exists in Patient Information. The vulnerability stems from special elements that may be interpreted as commands when spreadsheet software opens the file. The following products and versions are affected: B.02, C.02, C.03
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0604",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "performancebridge focal point",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "a.01"
},
{
"model": "patient information center ix",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "c.03"
},
{
"model": "intellivue mx550",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx100",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp2-mp90",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx750",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx600",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx400",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue x2",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx700",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue x3",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx850",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx800",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "patient information center ix",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "b.02"
},
{
"model": "patient information center ix",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "c.02"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16216"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:performancebridge_focal_point:a.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:patient_information_center_ix:b.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:patient_information_center_ix:c.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:patient_information_center_ix:c.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp2-mp90_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp2-mp90:n:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp2-mp90_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp2-mp90:n:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx850_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx850:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx850_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx850:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_x2:n:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_x2:n:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_x3:n:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_x3:n:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx750_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx750_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx600_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx600_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16216"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "in the context of the BSI project ManiMed (Manipulation of medical devices), Germany,Julian Suleder, and Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Dr. Oliver Matula of ERNW Enno, which reported these to Philips., Nils Emmerich, Birk Kauer of ERNW Research GmbH",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-674"
}
],
"trust": 0.6
},
"cve": "CVE-2020-16216",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2020-16216",
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-169272",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-16216",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-16216",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-674",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-169272",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169272"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-674"
},
{
"db": "NVD",
"id": "CVE-2020-16216"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, \nMX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, \nthe product receives input or data but does not validate or incorrectly \nvalidates that the input has the properties required to process the data\n safely and correctly, which can induce a denial-of-service condition \nthrough a system restart. A vulnerability exists in Patient Information. The vulnerability stems from special elements that may be interpreted as commands when spreadsheet software opens the file. The following products and versions are affected: B.02, C.02, C.03",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-16216"
},
{
"db": "VULHUB",
"id": "VHN-169272"
}
],
"trust": 0.99
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-16216",
"trust": 1.7
},
{
"db": "ICS CERT",
"id": "ICSMA-20-254-01",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-202009-674",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.3140",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-169272",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169272"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-674"
},
{
"db": "NVD",
"id": "CVE-2020-16216"
}
]
},
"id": "VAR-202009-0604",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-169272"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-13T22:23:18.477000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patient Information Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=128117"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-674"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169272"
},
{
"db": "NVD",
"id": "CVE-2020-16216"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
},
{
"trust": 1.0,
"url": "https://www.philips.com/productsecurity"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.3140/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16216"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-169272"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-674"
},
{
"db": "NVD",
"id": "CVE-2020-16216"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-169272"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-674"
},
{
"db": "NVD",
"id": "CVE-2020-16216"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-169272"
},
{
"date": "2020-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-674"
},
{
"date": "2020-09-11T14:15:00",
"db": "NVD",
"id": "CVE-2020-16216"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-169272"
},
{
"date": "2022-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-674"
},
{
"date": "2023-12-12T21:15:00",
"db": "NVD",
"id": "CVE-2020-16216"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-674"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips Patient Information Center iX Input validation error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-674"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-674"
}
],
"trust": 0.6
}
}
var-201806-0568
Vulnerability from variot
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet. plural Philips The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips IntelliVuePatientMonitorsMP2 and so on are all products of the Dutch company Philips. The Philips IntelliVuePatientMonitors MP2 is an MP series patient monitor device. The AvalonFetal/MaternalMonitorsFM20 is a maternal and child monitor device. Unauthorized access vulnerabilities exist in several Philips products. An attacker could exploit the vulnerability to access memory from its selected device address (within the same subnet). The following products and versions are affected: Philips IntelliVue Patient Monitors MP2/X2/MP30/MP50/MP70/NP90/MX700/800 Rev. B to Rev. M; IntelliVue Patient Monitors MX400-550 Rev. J to Rev. M; X3/ MX100 M revision; Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 using F.0, G.0 and J.3 software revisions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0568",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "avalon fetal\\/maternal monitors fm30",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal\\/maternal monitors fm50",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal\\/maternal monitors fm20",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal\\/maternal monitors fm40",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx700",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx450",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue np90",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx100",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx500",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx550",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp70",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp50",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx400",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp2",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue x3",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue x2",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx800",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp30",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm20",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm30",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm40",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm50",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp2",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp30",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp50",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp70",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx100",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx400",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx450",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx500",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx550",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx700",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx800",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors np90",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors x2",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors x3",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm20/fm30/fm40/fm50 f.0",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm20/fm30/fm40/fm50 g.0",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm20/fm30/fm40/fm50 j.3",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp2/x2/mp30/mp50/mp70/np90/mx700/800 \u003e=b,\u003c=m",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx400-550 \u003e=j,\u003c=m",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitorsx3/mx100 m",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx800",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx550",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors x3",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx500",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx100",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx450",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mp2",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx450",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx500",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx550",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors x3",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "avalon fetal maternal monitors fm20",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "avalon fetal maternal monitors fm30",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "avalon fetal maternal monitors fm40",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "avalon fetal maternal monitors fm50",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors x2",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mp30",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mp50",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mp70",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors np90",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx700",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx800",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx400",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"db": "NVD",
"id": "CVE-2018-10597"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-305"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_x2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp70:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_np90_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_np90:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx450_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx500_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_x3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm20_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm20:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm30_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm40_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm40:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm50_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10597"
}
]
},
"cve": "CVE-2018-10597",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10597",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-11071",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-120372",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10597",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10597",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-11071",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-305",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-120372",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"db": "VULHUB",
"id": "VHN-120372"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"db": "NVD",
"id": "CVE-2018-10597"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-305"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory (\"write-what-where\") from an attacker-chosen device address within the same subnet. plural Philips The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips IntelliVuePatientMonitorsMP2 and so on are all products of the Dutch company Philips. The Philips IntelliVuePatientMonitors MP2 is an MP series patient monitor device. The AvalonFetal/MaternalMonitorsFM20 is a maternal and child monitor device. Unauthorized access vulnerabilities exist in several Philips products. An attacker could exploit the vulnerability to access memory from its selected device address (within the same subnet). The following products and versions are affected: Philips IntelliVue Patient Monitors MP2/X2/MP30/MP50/MP70/NP90/MX700/800 Rev. B to Rev. M; IntelliVue Patient Monitors MX400-550 Rev. J to Rev. M; X3/ MX100 M revision; Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 using F.0, G.0 and J.3 software revisions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10597"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"db": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-120372"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10597",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-156-01",
"trust": 3.1
},
{
"db": "CNVD",
"id": "CNVD-2018-11071",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-305",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F21E9E-39AB-11E9-AB1D-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-120372",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"db": "VULHUB",
"id": "VHN-120372"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"db": "NVD",
"id": "CVE-2018-10597"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-305"
}
]
},
"id": "VAR-201806-0568",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"db": "VULHUB",
"id": "VHN-120372"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11071"
}
]
},
"last_update_date": "2023-12-18T12:36:45.342000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare"
},
{
"title": "Patches for unauthorized access to a number of Philips products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/131447"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-287",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120372"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"db": "NVD",
"id": "CVE-2018-10597"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-156-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10597"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10597"
},
{
"trust": 0.6,
"url": "https://www.philips.com/productsecurity"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"db": "VULHUB",
"id": "VHN-120372"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"db": "NVD",
"id": "CVE-2018-10597"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-305"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"db": "VULHUB",
"id": "VHN-120372"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"db": "NVD",
"id": "CVE-2018-10597"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-305"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-07T00:00:00",
"db": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1"
},
{
"date": "2018-06-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"date": "2018-06-05T00:00:00",
"db": "VULHUB",
"id": "VHN-120372"
},
{
"date": "2018-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"date": "2018-06-05T20:29:00.827000",
"db": "NVD",
"id": "CVE-2018-10597"
},
{
"date": "2018-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-305"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"date": "2020-09-04T00:00:00",
"db": "VULHUB",
"id": "VHN-120372"
},
{
"date": "2018-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"date": "2021-05-10T15:08:11.710000",
"db": "NVD",
"id": "CVE-2018-10597"
},
{
"date": "2020-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-305"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-305"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Philips Authentication vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-305"
}
],
"trust": 0.6
}
}
var-201806-0571
Vulnerability from variot
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an "echo" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow. plural Philips The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips IntelliVuePatientMonitorsMP2 and so on are all products of the Dutch company Philips. The Philips IntelliVuePatientMonitors MP2 is an MP series patient monitor device. The AvalonFetal/MaternalMonitorsFM20 is a maternal and child monitor device. A buffer overflow vulnerability exists in PhilipsIntelliVuePatientandAvalonFetalMonitors. An attacker could exploit the vulnerability to read memory from its selected device address (within the same subnet). The following products and versions are affected: Philips IntelliVue Patient Monitors MP2/X2/MP30/MP50/MP70/NP90/MX700/800 Rev. B to Rev. M; IntelliVue Patient Monitors MX400-550 Rev. J to Rev. M; X3/ MX100 M revision; Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 using F.0, G.0 and J.3 software revisions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0571",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "avalon fetal\\/maternal monitors fm30",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal\\/maternal monitors fm50",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal\\/maternal monitors fm20",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal\\/maternal monitors fm40",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx700",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx450",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue np90",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx100",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx500",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx550",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp70",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp50",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx400",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp2",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue x3",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue x2",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx800",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp30",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm20",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm30",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm40",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm50",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp2",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp30",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp50",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp70",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx100",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx400",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx450",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx500",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx550",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx700",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx800",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors np90",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors x2",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors x3",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm20/fm30/fm40/fm50 f.0",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm20/fm30/fm40/fm50 g.0",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm20/fm30/fm40/fm50 j.3",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx550",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx400",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors x3",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx500",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx100",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx450",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mp2",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx450",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx500",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx550",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors x3",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "avalon fetal maternal monitors fm20",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "avalon fetal maternal monitors fm30",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "avalon fetal maternal monitors fm40",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "avalon fetal maternal monitors fm50",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors x2",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mp30",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mp50",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mp70",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors np90",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx700",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx800",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx400",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f48fa1-39ab-11e9-aaee-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11994"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006288"
},
{
"db": "NVD",
"id": "CVE-2018-10601"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-303"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_x2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp70:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_np90_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_np90:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx450_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx500_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_x3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm20_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm20:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm30_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm40_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm40:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm50_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10601"
}
]
},
"cve": "CVE-2018-10601",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10601",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2018-11994",
"impactScore": 9.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "e2f48fa1-39ab-11e9-aaee-000c29342cb1",
"impactScore": 9.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:P/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-120377",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10601",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10601",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-11994",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-303",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f48fa1-39ab-11e9-aaee-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-120377",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f48fa1-39ab-11e9-aaee-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11994"
},
{
"db": "VULHUB",
"id": "VHN-120377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006288"
},
{
"db": "NVD",
"id": "CVE-2018-10601"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-303"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an \"echo\" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow. plural Philips The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips IntelliVuePatientMonitorsMP2 and so on are all products of the Dutch company Philips. The Philips IntelliVuePatientMonitors MP2 is an MP series patient monitor device. The AvalonFetal/MaternalMonitorsFM20 is a maternal and child monitor device. A buffer overflow vulnerability exists in PhilipsIntelliVuePatientandAvalonFetalMonitors. An attacker could exploit the vulnerability to read memory from its selected device address (within the same subnet). The following products and versions are affected: Philips IntelliVue Patient Monitors MP2/X2/MP30/MP50/MP70/NP90/MX700/800 Rev. B to Rev. M; IntelliVue Patient Monitors MX400-550 Rev. J to Rev. M; X3/ MX100 M revision; Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 using F.0, G.0 and J.3 software revisions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10601"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006288"
},
{
"db": "CNVD",
"id": "CNVD-2018-11994"
},
{
"db": "IVD",
"id": "e2f48fa1-39ab-11e9-aaee-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-120377"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10601",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-156-01",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201806-303",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-11994",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006288",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F48FA1-39AB-11E9-AAEE-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-120377",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f48fa1-39ab-11e9-aaee-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11994"
},
{
"db": "VULHUB",
"id": "VHN-120377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006288"
},
{
"db": "NVD",
"id": "CVE-2018-10601"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-303"
}
]
},
"id": "VAR-201806-0571",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f48fa1-39ab-11e9-aaee-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11994"
},
{
"db": "VULHUB",
"id": "VHN-120377"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f48fa1-39ab-11e9-aaee-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11994"
}
]
},
"last_update_date": "2023-12-18T12:36:45.412000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare"
},
{
"title": "Patch for Philips IntelliVuePatientandAvalonFetalMonitors Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132733"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11994"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006288"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006288"
},
{
"db": "NVD",
"id": "CVE-2018-10601"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-156-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10601"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10601"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11994"
},
{
"db": "VULHUB",
"id": "VHN-120377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006288"
},
{
"db": "NVD",
"id": "CVE-2018-10601"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-303"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f48fa1-39ab-11e9-aaee-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11994"
},
{
"db": "VULHUB",
"id": "VHN-120377"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006288"
},
{
"db": "NVD",
"id": "CVE-2018-10601"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-303"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-25T00:00:00",
"db": "IVD",
"id": "e2f48fa1-39ab-11e9-aaee-000c29342cb1"
},
{
"date": "2018-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11994"
},
{
"date": "2018-06-05T00:00:00",
"db": "VULHUB",
"id": "VHN-120377"
},
{
"date": "2018-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006288"
},
{
"date": "2018-06-05T20:29:00.903000",
"db": "NVD",
"id": "CVE-2018-10601"
},
{
"date": "2018-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-303"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11994"
},
{
"date": "2020-09-04T00:00:00",
"db": "VULHUB",
"id": "VHN-120377"
},
{
"date": "2018-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006288"
},
{
"date": "2021-05-10T15:08:11.710000",
"db": "NVD",
"id": "CVE-2018-10601"
},
{
"date": "2020-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-303"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-303"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips IntelliVue Patient and Avalon Fetal Monitors Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2f48fa1-39ab-11e9-aaee-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11994"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e2f48fa1-39ab-11e9-aaee-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-303"
}
],
"trust": 0.8
}
}
var-201806-0569
Vulnerability from variot
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet. plural Philips The product contains an information disclosure vulnerability.Information may be obtained. Philips IntelliVuePatientMonitorsMP2 and so on are all products of the Dutch company Philips. The Philips IntelliVuePatientMonitors MP2 is an MP series patient monitor device. The AvalonFetal/MaternalMonitorsFM20 is a maternal and child monitor device. There is an information disclosure vulnerability in PhilipsIntelliVuePatientandAvalonFetalMonitors. An attacker could exploit the vulnerability to read memory from its selected device address (within the same subnet). The following products and versions are affected: Philips IntelliVue Patient Monitors MP2/X2/MP30/MP50/MP70/NP90/MX700/800 Rev. B to Rev. M; IntelliVue Patient Monitors MX400-550 Rev. J to Rev. M; X3/ MX100 M revision; Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 using F.0, G.0 and J.3 software revisions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0569",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "avalon fetal\\/maternal monitors fm30",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal\\/maternal monitors fm50",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal\\/maternal monitors fm20",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal\\/maternal monitors fm40",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx700",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx450",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue np90",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx100",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx500",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx550",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp70",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp50",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx400",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp2",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue x3",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue x2",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx800",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp30",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm20",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm30",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm40",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm50",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp2",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp30",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp50",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp70",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx100",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx400",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx450",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx500",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx550",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx700",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx800",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors np90",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors x2",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors x3",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm20/fm30/fm40/fm50 f.0",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm20/fm30/fm40/fm50 g.0",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm20/fm30/fm40/fm50 j.3",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx550",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx700",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors x3",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx500",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx100",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx450",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mp2",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx450",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx500",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx550",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors x3",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "avalon fetal maternal monitors fm20",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "avalon fetal maternal monitors fm30",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "avalon fetal maternal monitors fm40",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "avalon fetal maternal monitors fm50",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors x2",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mp30",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mp50",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mp70",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors np90",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx700",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx800",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx400",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f46893-39ab-11e9-bddd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11995"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006287"
},
{
"db": "NVD",
"id": "CVE-2018-10599"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-304"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_x2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp70:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_np90_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_np90:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx450_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx500_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_x3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm20_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm20:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm30_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm40_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm40:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm50_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10599"
}
]
},
"cve": "CVE-2018-10599",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.9,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-10599",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-11995",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "e2f46893-39ab-11e9-bddd-000c29342cb1",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-120374",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10599",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-10599",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-11995",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-304",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e2f46893-39ab-11e9-bddd-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-120374",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f46893-39ab-11e9-bddd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11995"
},
{
"db": "VULHUB",
"id": "VHN-120374"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006287"
},
{
"db": "NVD",
"id": "CVE-2018-10599"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-304"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet. plural Philips The product contains an information disclosure vulnerability.Information may be obtained. Philips IntelliVuePatientMonitorsMP2 and so on are all products of the Dutch company Philips. The Philips IntelliVuePatientMonitors MP2 is an MP series patient monitor device. The AvalonFetal/MaternalMonitorsFM20 is a maternal and child monitor device. There is an information disclosure vulnerability in PhilipsIntelliVuePatientandAvalonFetalMonitors. An attacker could exploit the vulnerability to read memory from its selected device address (within the same subnet). The following products and versions are affected: Philips IntelliVue Patient Monitors MP2/X2/MP30/MP50/MP70/NP90/MX700/800 Rev. B to Rev. M; IntelliVue Patient Monitors MX400-550 Rev. J to Rev. M; X3/ MX100 M revision; Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 using F.0, G.0 and J.3 software revisions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10599"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006287"
},
{
"db": "CNVD",
"id": "CNVD-2018-11995"
},
{
"db": "IVD",
"id": "e2f46893-39ab-11e9-bddd-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-120374"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10599",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-156-01",
"trust": 3.1
},
{
"db": "CNVD",
"id": "CNVD-2018-11995",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-304",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006287",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F46893-39AB-11E9-BDDD-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-120374",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f46893-39ab-11e9-bddd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11995"
},
{
"db": "VULHUB",
"id": "VHN-120374"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006287"
},
{
"db": "NVD",
"id": "CVE-2018-10599"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-304"
}
]
},
"id": "VAR-201806-0569",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f46893-39ab-11e9-bddd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11995"
},
{
"db": "VULHUB",
"id": "VHN-120374"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f46893-39ab-11e9-bddd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11995"
}
]
},
"last_update_date": "2023-12-18T12:36:45.376000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare"
},
{
"title": "PhilipsIntelliVuePatientandAvalonFetalMonitors information disclosure vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/132731"
},
{
"title": "Multiple Philips Product information disclosure vulnerability repair measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=80662"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11995"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006287"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-304"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120374"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006287"
},
{
"db": "NVD",
"id": "CVE-2018-10599"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-156-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10599"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10599"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11995"
},
{
"db": "VULHUB",
"id": "VHN-120374"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006287"
},
{
"db": "NVD",
"id": "CVE-2018-10599"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-304"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f46893-39ab-11e9-bddd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11995"
},
{
"db": "VULHUB",
"id": "VHN-120374"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006287"
},
{
"db": "NVD",
"id": "CVE-2018-10599"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-304"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-25T00:00:00",
"db": "IVD",
"id": "e2f46893-39ab-11e9-bddd-000c29342cb1"
},
{
"date": "2018-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11995"
},
{
"date": "2018-06-05T00:00:00",
"db": "VULHUB",
"id": "VHN-120374"
},
{
"date": "2018-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006287"
},
{
"date": "2018-06-05T20:29:00.873000",
"db": "NVD",
"id": "CVE-2018-10599"
},
{
"date": "2018-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-304"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11995"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-120374"
},
{
"date": "2018-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006287"
},
{
"date": "2021-05-10T15:08:11.710000",
"db": "NVD",
"id": "CVE-2018-10599"
},
{
"date": "2020-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-304"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-304"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips IntelliVue Patient and Avalon Fetal Monitors Information Exposure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2f46893-39ab-11e9-bddd-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11995"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-304"
}
],
"trust": 0.6
}
}
cve-2020-16228
Vulnerability from cvelistv5
Published
2020-09-11 12:58
Modified
2024-08-04 13:37
Severity ?
EPSS score ?
Summary
Philips Patient Monitoring Devices Improper Check for Certificate Revocation
References
| ▼ | URL | Tags |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 | x_refsource_MISC | |
| https://www.philips.com/productsecurity |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T13:37:54.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.philips.com/productsecurity"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Patient Information Center iX (PICiX)",
"vendor": "Philips ",
"versions": [
{
"status": "affected",
"version": "C.02"
},
{
"status": "affected",
"version": "C.03"
}
]
},
{
"defaultStatus": "unaffected",
"product": "PerformanceBridge Focal Point",
"vendor": "Philips ",
"versions": [
{
"status": "affected",
"version": "A.01"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IntelliVue patient monitors",
"vendor": "Philips ",
"versions": [
{
"status": "affected",
"version": "MX100"
},
{
"status": "affected",
"version": "MX400-MX550"
},
{
"status": "affected",
"version": "MX750"
},
{
"status": "affected",
"version": "MX850"
}
]
},
{
"defaultStatus": "unaffected",
"product": "IntelliVue X3",
"vendor": "Philips ",
"versions": [
{
"lessThanOrEqual": "N ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Julian Suleder, Nils Emmerich, Birk Kauer of ERNW Research GmbH, Dr. Oliver Matula of ERNW Enno, and Rey Netzwerke GmbH reported these vulnerabilities to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project ManiMed (Manipulation of medical devices), which reported these to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nIn Patient Information Center iX (PICiX) Versions C.02 and C.03, \nPerformanceBridge Focal Point Version A.01, IntelliVue patient monitors \nMX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and \nprior, the software does not check or incorrectly checks the revocation \nstatus of a certificate, which may cause it to use a compromised \ncertificate.\n\n\u003c/p\u003e"
}
],
"value": "In Patient Information Center iX (PICiX) Versions C.02 and C.03, \nPerformanceBridge Focal Point Version A.01, IntelliVue patient monitors \nMX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and \nprior, the software does not check or incorrectly checks the revocation \nstatus of a certificate, which may cause it to use a compromised \ncertificate.\n\n\n\n"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-299",
"description": "CWE-299 Improper Check for Certificate Revocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-12T20:52:52.755Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
},
{
"url": "https://www.philips.com/productsecurity"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\u003cp\u003ePhilips released the following versions to remediate reported vulnerabilities:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003ePatient Information Center iX (PICiX) Version C.03\u003c/li\u003e\n\u003cli\u003ePerformanceBridge Focal Point\u003c/li\u003e\n\u003cli\u003eIntelliVue Patient Monitors Versions N.00 and N.01\u003c/li\u003e\n\u003cli\u003eIntelliVue Patient Monitors Version M.04: Contact a \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support team\u003c/a\u003e for an upgrade path\u003c/li\u003e\n\u003cli\u003eCertificate revocation within the system was implemented for PIC iX \nand Performance Bridge FocalPoint in 2023. The implementation of the \nIntelliVue Patient Monitors will be completed in Q3 of 2024.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "Philips released the following versions to remediate reported vulnerabilities:\n\n\n\n * Patient Information Center iX (PICiX) Version C.03\n\n * PerformanceBridge Focal Point\n\n * IntelliVue Patient Monitors Versions N.00 and N.01\n\n * IntelliVue Patient Monitors Version M.04: Contact a Philips service support team https://www.usa.philips.com/healthcare/solutions/customer-service-solutions for an upgrade path\n\n * Certificate revocation within the system was implemented for PIC iX \nand Performance Bridge FocalPoint in 2023. The implementation of the \nIntelliVue Patient Monitors will be completed in Q3 of 2024.\n\n\n\n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Philips Patient Monitoring Devices Improper Check for Certificate Revocation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\u003cp\u003eAs a mitigation to these vulnerabilities, Philips recommends the following:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe Philips patient monitoring network is required to be physically \nor logically isolated from the hospital local area network (LAN). \nPhilips recommends using a firewall or routers that can implement access\n control lists restricting access in and out of the patient monitoring \nnetwork for only necessary ports and IP addresses. Refer to the Philips \nPatient Monitoring System Security for Clinical Networks guide for \nadditional information on \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://incenter.medical.philips.com/\"\u003eInCenter\u003c/a\u003e.\u003c/li\u003e\n\u003cli\u003eBy default, the simple certificate enrollment protocol (SCEP) \nservice is not running. When needed, the service is configured to run \nbased on the duration or the number of certificates to be assigned. One \ncertificate is default, but if a certificate is not issued, the service \nwill continue to run. Limit exposure by ensuring the SCEP service is not\n running unless it is actively being used to enroll new devices.\u003c/li\u003e\n\u003cli\u003eWhen enrolling new devices using SCEP, enter a unique challenge password of 8-12 unpredictable and randomized digits.\u003c/li\u003e\n\u003cli\u003eImplement physical security controls to prevent unauthorized login \nattempts on the PIC iX application. Servers should be kept in controlled\n locked data centers. Access to equipment at nurses\u2019 stations should be \ncontrolled and monitored.\u003c/li\u003e\n\u003cli\u003eOnly grant remote access to PIC iX servers on a must-have basis.\u003c/li\u003e\n\u003cli\u003eGrant login privileges to the bedside monitor and PIC iX application\n on a role-based, least-privilege basis, and only to trusted users.\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eUsers with questions regarding their specific Philips Patient \nInformation Center (PIC iX) and/or IntelliVue patient monitor \ninstallations and new release eligibility should contact their local \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support team, or regional service support\u003c/a\u003e, or call 1-800-722-9377.\u003c/p\u003e\n\u003cp\u003ePlease see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e for the Philips advisory and the latest security information for Philips products.\u003c/p\u003e\n\n\u003cbr\u003e"
}
],
"value": "As a mitigation to these vulnerabilities, Philips recommends the following:\n\n\n\n * The Philips patient monitoring network is required to be physically \nor logically isolated from the hospital local area network (LAN). \nPhilips recommends using a firewall or routers that can implement access\n control lists restricting access in and out of the patient monitoring \nnetwork for only necessary ports and IP addresses. Refer to the Philips \nPatient Monitoring System Security for Clinical Networks guide for \nadditional information on InCenter https://incenter.medical.philips.com/ .\n\n * By default, the simple certificate enrollment protocol (SCEP) \nservice is not running. When needed, the service is configured to run \nbased on the duration or the number of certificates to be assigned. One \ncertificate is default, but if a certificate is not issued, the service \nwill continue to run. Limit exposure by ensuring the SCEP service is not\n running unless it is actively being used to enroll new devices.\n\n * When enrolling new devices using SCEP, enter a unique challenge password of 8-12 unpredictable and randomized digits.\n\n * Implement physical security controls to prevent unauthorized login \nattempts on the PIC iX application. Servers should be kept in controlled\n locked data centers. Access to equipment at nurses\u2019 stations should be \ncontrolled and monitored.\n\n * Only grant remote access to PIC iX servers on a must-have basis.\n\n * Grant login privileges to the bedside monitor and PIC iX application\n on a role-based, least-privilege basis, and only to trusted users.\n\n\n\n\nUsers with questions regarding their specific Philips Patient \nInformation Center (PIC iX) and/or IntelliVue patient monitor \ninstallations and new release eligibility should contact their local Philips service support team, or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-800-722-9377.\n\n\nPlease see the Philips product security website https://www.philips.com/productsecurity for the Philips advisory and the latest security information for Philips products.\n\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-16228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips Patient Information Center iX (PICiX), PerformanceBridge Focal Point, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90, IntelliVue X3 and X2.",
"version": {
"version_data": [
{
"version_value": "Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850, and MP2-MP90 Versions N and prior, IntelliVue X3 and X2 Versions N and prior. The software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER CHECK FOR CERTIFICATE REVOCATION CWE-299"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-16228",
"datePublished": "2020-09-11T12:58:13",
"dateReserved": "2020-07-31T00:00:00",
"dateUpdated": "2024-08-04T13:37:54.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}