cvelistv5 - cve-2018-19001

CVE-2018-19001 (GCVE-0-2018-19001)

Vulnerability from cvelistv5 – Published: 2018-12-07 14:00 – Updated: 2024-08-05 11:23

Summary

Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.

Severity ?

No CVSS data available.

CWE

CWE-326 - INADEQUATE ENCRYPTION STRENGTH CWE-326

Assigner

icscert

References

URL

	Vendor	Product	Version
	n/a	Philips HealthSuite Health Android App	Affected: All versions

VAR-201812-0467

Vulnerability from variot - Updated: 2023-12-18 13:43

Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required. Android for Philips HealthSuite Health The application contains a cryptographic strength vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Local attackers can exploit this issue to gain access to the sensitive information. Information obtained may lead to further attacks. An attacker could exploit this vulnerability to compromise the integrity and confidentiality of the device

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0467",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "healthsuite health",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "philips",
        "version": "*"
      },
      {
        "model": "healthsuite health",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "philips",
        "version": "android app"
      },
      {
        "model": "healthsuite health",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "philips",
        "version": "android"
      },
      {
        "model": "healthsuite health",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "philips",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013001"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-19001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-277"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:philips:healthsuite_health:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-19001"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "106126"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-19001",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-19001",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-129617",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "NVD",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 0.9,
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "NVD",
            "availabilityImpact": "Low",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2018-19001",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-19001",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-277",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-129617",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-129617"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013001"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-19001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-277"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required. Android for Philips HealthSuite Health The application contains a cryptographic strength vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \nLocal attackers can exploit this issue to gain access to the sensitive information. Information obtained may lead to further attacks. An attacker could exploit this vulnerability to compromise the integrity and confidentiality of the device",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-19001"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013001"
      },
      {
        "db": "BID",
        "id": "106126"
      },
      {
        "db": "VULHUB",
        "id": "VHN-129617"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "ICS CERT",
        "id": "ICSMA-18-340-01",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2018-19001",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "106126",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013001",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-277",
        "trust": 0.7
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-98842",
        "trust": 0.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-53790",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-129617",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-129617"
      },
      {
        "db": "BID",
        "id": "106126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013001"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-19001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-277"
      }
    ]
  },
  "id": "VAR-201812-0467",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-129617"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:43:31.138000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Philips HealthSuite Health Android App (6-December-2018)",
        "trust": 0.8,
        "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
      },
      {
        "title": "Philips HealthSuite Health Android App Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87544"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-277"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-326",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-129617"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013001"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-19001"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-340-01"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/106126"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19001"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-19001"
      },
      {
        "trust": 0.3,
        "url": "http://www.usa.philips.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-129617"
      },
      {
        "db": "BID",
        "id": "106126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013001"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-19001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-277"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-129617"
      },
      {
        "db": "BID",
        "id": "106126"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013001"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-19001"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-277"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-129617"
      },
      {
        "date": "2018-12-06T00:00:00",
        "db": "BID",
        "id": "106126"
      },
      {
        "date": "2019-02-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013001"
      },
      {
        "date": "2018-12-07T14:29:00.697000",
        "db": "NVD",
        "id": "CVE-2018-19001"
      },
      {
        "date": "2018-12-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-277"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-129617"
      },
      {
        "date": "2018-12-06T00:00:00",
        "db": "BID",
        "id": "106126"
      },
      {
        "date": "2019-02-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-013001"
      },
      {
        "date": "2019-10-09T23:37:34.647000",
        "db": "NVD",
        "id": "CVE-2018-19001"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-277"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "106126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-277"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Android for  Philips HealthSuite Health Vulnerability related to cryptographic strength in applications",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-013001"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-277"
      }
    ],
    "trust": 0.6
  }
}

GHSA-Q3JJ-G7J2-XCMC

Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33

Details

Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.

Severity ?

4.3 (Medium)


                  
                    CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-19001"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-07T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.",
  "id": "GHSA-q3jj-g7j2-xcmc",
  "modified": "2022-05-13T01:33:39Z",
  "published": "2022-05-13T01:33:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19001"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-340-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106126"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2020-53790

Vulnerability from cnvd - Published: 2020-09-24

Title

Philips HealthSuite Health Android App存在未明漏洞

Description

Philips HealthSuite Health Android App是荷兰飞利浦（Philips）公司的一款基于Android平台的用于控制管理Philips可穿戴健康设备的应用程序。 Philips HealthSuite Health Android App中存在安全漏洞，该漏洞源于应用程序使用了较简单的加密。攻击者可利用该漏洞影响设备的完整性和保密性。

Severity

中

Patch Name

Philips HealthSuite Health Android App存在未明漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.usa.philips.com/healthcare/about/customer-support/product-security

Reference

http://www.securityfocus.com/bid/106126

Impacted products

Name
Philips HealthSuite Health Android App

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "106126"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-19001",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19001"
    }
  },
  "description": "Philips HealthSuite Health Android App\u662f\u8377\u5170\u98de\u5229\u6d66\uff08Philips\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u7528\u4e8e\u63a7\u5236\u7ba1\u7406Philips\u53ef\u7a7f\u6234\u5065\u5eb7\u8bbe\u5907\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\n\nPhilips HealthSuite Health Android App\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u4f7f\u7528\u4e86\u8f83\u7b80\u5355\u7684\u52a0\u5bc6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5f71\u54cd\u8bbe\u5907\u7684\u5b8c\u6574\u6027\u548c\u4fdd\u5bc6\u6027\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.usa.philips.com/healthcare/about/customer-support/product-security",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-53790",
  "openTime": "2020-09-24",
  "patchDescription": "Philips HealthSuite Health Android App\u662f\u8377\u5170\u98de\u5229\u6d66\uff08Philips\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8eAndroid\u5e73\u53f0\u7684\u7528\u4e8e\u63a7\u5236\u7ba1\u7406Philips\u53ef\u7a7f\u6234\u5065\u5eb7\u8bbe\u5907\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nPhilips HealthSuite Health Android App\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u4f7f\u7528\u4e86\u8f83\u7b80\u5355\u7684\u52a0\u5bc6\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5f71\u54cd\u8bbe\u5907\u7684\u5b8c\u6574\u6027\u548c\u4fdd\u5bc6\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Philips HealthSuite Health Android App\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Philips HealthSuite Health Android App"
  },
  "referenceLink": "http://www.securityfocus.com/bid/106126",
  "serverity": "\u4e2d",
  "submitTime": "2018-12-11",
  "title": "Philips HealthSuite Health Android App\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

FKIE_CVE-2018-19001

Vulnerability from fkie_nvd - Published: 2018-12-07 14:29 - Updated: 2024-11-21 03:57

Severity ?

4.3 (Medium) - CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.

References

URL	Tags
ics-cert@hq.dhs.gov	http://www.securityfocus.com/bid/106126	Third Party Advisory, VDB Entry
ics-cert@hq.dhs.gov	https://ics-cert.us-cert.gov/advisories/ICSMA-18-340-01	Mitigation, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106126	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSMA-18-340-01	Mitigation, Third Party Advisory, US Government Resource

Impacted products

	Vendor	Product	Version
	philips	healthsuite_health	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:philips:healthsuite_health:*:*:*:*:*:android:*:*",
              "matchCriteriaId": "EEB1F58C-5908-469F-9C76-CCAB35756556",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required."
    },
    {
      "lang": "es",
      "value": "Aplicaci\u00f3n de Philips HealthSuite Health para Android, en todas las versiones. El software emplea un cifrado simple que no es lo suficientemente fuerte para el nivel de protecci\u00f3n necesario."
    }
  ],
  "id": "CVE-2018-19001",
  "lastModified": "2024-11-21T03:57:08.453",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-12-07T14:29:00.697",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106126"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-340-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-340-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2018-19001

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.

Aliases

CVE-2018-19001

Aliases

CVE-2018-19001

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-19001",
    "description": "Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.",
    "id": "GSD-2018-19001"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-19001"
      ],
      "details": "Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.",
      "id": "GSD-2018-19001",
      "modified": "2023-12-13T01:22:38.977536Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "ID": "CVE-2018-19001",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Philips HealthSuite Health Android App",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "INADEQUATE ENCRYPTION STRENGTH CWE-326"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-340-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-340-01"
          },
          {
            "name": "106126",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106126"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:philips:healthsuite_health:*:*:*:*:*:android:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2018-19001"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-326"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-340-01",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "US Government Resource",
                "Third Party Advisory"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-340-01"
            },
            {
              "name": "106126",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/106126"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 3.4
        }
      },
      "lastModifiedDate": "2019-10-09T23:37Z",
      "publishedDate": "2018-12-07T14:29Z"
    }
  }
}

ICSMA-18-340-01

Vulnerability from csaf_cisa - Published: 2018-12-06 00:00 - Updated: 2018-12-06 00:00

Summary

Philips HealthSuite Health Android App

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability may allow an attacker with physical access to impact confidentiality and integrity of the product.

Critical infrastructure sectors

Healthcare and Public Health

Countries/areas deployed

United States, Netherlands, Germany, United Kingdom

Company headquarters location

Netherlands

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "an anonymous party"
        ],
        "summary": "reporting this vulnerability to Philips"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability may allow an attacker with physical access to impact confidentiality and integrity of the product.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Healthcare and Public Health",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "United States, Netherlands, Germany, United Kingdom",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Netherlands",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-18-340-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsma-18-340-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-18-340-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-340-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Philips HealthSuite Health Android App",
    "tracking": {
      "current_release_date": "2018-12-06T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSMA-18-340-01",
      "initial_release_date": "2018-12-06T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-12-06T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSMA-18-340-01 Philips HealthSuite Health Android App"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "vers:all/*",
                "product": {
                  "name": "Philips HealthSuite Health Android App: All Versions",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Philips HealthSuite Health Android App"
          }
        ],
        "category": "vendor",
        "name": "Philips"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-19001",
      "cwe": {
        "id": "CWE-326",
        "name": "Inadequate Encryption Strength"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The software uses simple encryption that is not strong enough for the level of protection required.CVE-2018-19001 has been assigned to this vulnerability. A CVSS v3 base score of 3.5 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19001"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "A new release to mediate this vulnerability with be available during Quarter 1 of 2019.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "As an interim mitigation to this vulnerability, Philips recommends the following:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Philips advises against jail-breaking or rooting mobile devices. A jail-broken or rooted device means one that is modified outside the mobile device or operating system vendor supported or warranted configurations. Such devices have been freed from the limitations imposed by the mobile service provider and the phone manufacturer. This may affect the performance of the app, weaken the security of the device, and expose users to additional risks.",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Please see the Philips product security website for the latest security information for Philips products:",
          "product_ids": [
            "CSAFPID-0001"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.philips.com/productsecurity",
          "product_ids": [
            "CSAFPID-0001"
          ],
          "url": "https://www.philips.com/productsecurity"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-19001 (GCVE-0-2018-19001)

VAR-201812-0467

GHSA-Q3JJ-G7J2-XCMC

CNVD-2020-53790

FKIE_CVE-2018-19001

GSD-2018-19001

ICSMA-18-340-01

Tags

Sightings

Nomenclature