var-201806-0568
Vulnerability from variot
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet. plural Philips The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips IntelliVuePatientMonitorsMP2 and so on are all products of the Dutch company Philips. The Philips IntelliVuePatientMonitors MP2 is an MP series patient monitor device. The AvalonFetal/MaternalMonitorsFM20 is a maternal and child monitor device. Unauthorized access vulnerabilities exist in several Philips products. An attacker could exploit the vulnerability to access memory from its selected device address (within the same subnet). The following products and versions are affected: Philips IntelliVue Patient Monitors MP2/X2/MP30/MP50/MP70/NP90/MX700/800 Rev. B to Rev. M; IntelliVue Patient Monitors MX400-550 Rev. J to Rev. M; X3/ MX100 M revision; Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 using F.0, G.0 and J.3 software revisions
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0568", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "avalon fetal\\/maternal monitors fm30", "scope": "eq", "trust": 1.6, "vendor": "philips", "version": null }, { "model": "avalon fetal\\/maternal monitors fm50", "scope": "eq", "trust": 1.6, "vendor": "philips", "version": null }, { "model": "avalon fetal\\/maternal monitors fm20", "scope": "eq", "trust": 1.6, "vendor": "philips", "version": null }, { "model": "avalon fetal\\/maternal monitors fm40", "scope": "eq", "trust": 1.6, "vendor": "philips", "version": null }, { "model": "intellivue mx700", "scope": "eq", "trust": 1.0, "vendor": "philips", "version": null }, { "model": "intellivue mx450", "scope": "eq", "trust": 1.0, "vendor": "philips", "version": null }, { "model": "intellivue np90", "scope": "eq", "trust": 1.0, "vendor": "philips", "version": null }, { "model": "intellivue mx100", "scope": "eq", "trust": 1.0, "vendor": "philips", "version": null }, { "model": "intellivue mx500", "scope": "eq", "trust": 1.0, "vendor": "philips", "version": null }, { "model": "intellivue mx550", "scope": "eq", "trust": 1.0, "vendor": "philips", "version": null }, { "model": "intellivue mp70", "scope": "eq", "trust": 1.0, "vendor": "philips", "version": null }, { "model": "intellivue mp50", "scope": "eq", "trust": 1.0, "vendor": "philips", "version": null }, { "model": "intellivue mx400", "scope": "eq", "trust": 1.0, "vendor": "philips", "version": null }, { "model": "intellivue mp2", "scope": "eq", "trust": 1.0, "vendor": "philips", "version": null }, { "model": "intellivue x3", "scope": "eq", "trust": 1.0, "vendor": "philips", "version": null }, { "model": "intellivue x2", "scope": "eq", "trust": 1.0, "vendor": "philips", "version": null }, { "model": "intellivue mx800", "scope": "eq", "trust": 1.0, "vendor": "philips", "version": null }, { "model": "intellivue mp30", "scope": "eq", "trust": 1.0, "vendor": "philips", "version": null }, { "model": "avalon fetal/maternal monitors fm20", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "avalon fetal/maternal monitors fm30", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "avalon fetal/maternal monitors fm40", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "avalon fetal/maternal monitors fm50", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mp2", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mp30", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mp50", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mp70", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mx100", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mx400", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mx450", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mx500", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mx550", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mx700", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mx800", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors np90", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors x2", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors x3", "scope": null, "trust": 0.8, "vendor": "philips", "version": null }, { "model": "avalon fetal/maternal monitors fm20/fm30/fm40/fm50 f.0", "scope": null, "trust": 0.6, "vendor": "philips", "version": null }, { "model": "avalon fetal/maternal monitors fm20/fm30/fm40/fm50 g.0", "scope": null, "trust": 0.6, "vendor": "philips", "version": null }, { "model": "avalon fetal/maternal monitors fm20/fm30/fm40/fm50 j.3", "scope": null, "trust": 0.6, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mp2/x2/mp30/mp50/mp70/np90/mx700/800 \u003e=b,\u003c=m", "scope": null, "trust": 0.6, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mx400-550 \u003e=j,\u003c=m", "scope": null, "trust": 0.6, "vendor": "philips", "version": null }, { "model": "intellivue patient monitorsx3/mx100 m", "scope": null, "trust": 0.6, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mx800", "scope": "eq", "trust": 0.6, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mx550", "scope": "eq", "trust": 0.6, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors x3", "scope": "eq", "trust": 0.6, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mx500", "scope": "eq", "trust": 0.6, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mx100", "scope": "eq", "trust": 0.6, "vendor": "philips", "version": null }, { "model": "intellivue patient monitors mx450", "scope": "eq", "trust": 0.6, "vendor": "philips", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "intellivue patient monitors mp2", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "intellivue patient monitors mx450", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "intellivue patient monitors mx500", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "intellivue patient monitors mx550", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "intellivue patient monitors x3", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "intellivue patient monitors mx100", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "avalon fetal maternal monitors fm20", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "avalon fetal maternal monitors fm30", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "avalon fetal maternal monitors fm40", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "avalon fetal maternal monitors fm50", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "intellivue patient monitors x2", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "intellivue patient monitors mp30", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "intellivue patient monitors mp50", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "intellivue patient monitors mp70", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "intellivue patient monitors np90", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "intellivue patient monitors mx700", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "intellivue patient monitors mx800", "version": null }, { "model": null, "scope": "eq", "trust": 0.2, "vendor": "intellivue patient monitors mx400", "version": null } ], "sources": [ { "db": "IVD", "id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-11071" }, { "db": "JVNDB", "id": "JVNDB-2018-006286" }, { "db": "NVD", "id": "CVE-2018-10597" }, { "db": "CNNVD", "id": "CNNVD-201806-305" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:intellivue_mp2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:intellivue_x2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:intellivue_mp30:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:intellivue_mp50:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:intellivue_mp70:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:intellivue_np90_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:intellivue_np90:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:intellivue_mx450_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:intellivue_mx450:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:intellivue_mx500_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:intellivue_mx500:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:intellivue_x3:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm20_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm20:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm30_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm30:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm40_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm40:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm50_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm50:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-10597" } ] }, "cve": "CVE-2018-10597", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 5.5, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Adjacent Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-10597", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.2, "id": "CNVD-2018-11071", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "IVD", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.2, "id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 5.5, "id": "VHN-120372", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.6, "impactScore": 6.0, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "High", "attackVector": "Adjacent Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.3, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-10597", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-10597", "trust": 1.8, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2018-11071", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201806-305", "trust": 0.6, "value": "HIGH" }, { "author": "IVD", "id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1", "trust": 0.2, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-120372", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-11071" }, { "db": "VULHUB", "id": "VHN-120372" }, { "db": "JVNDB", "id": "JVNDB-2018-006286" }, { "db": "NVD", "id": "CVE-2018-10597" }, { "db": "CNNVD", "id": "CNNVD-201806-305" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory (\"write-what-where\") from an attacker-chosen device address within the same subnet. plural Philips The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips IntelliVuePatientMonitorsMP2 and so on are all products of the Dutch company Philips. The Philips IntelliVuePatientMonitors MP2 is an MP series patient monitor device. The AvalonFetal/MaternalMonitorsFM20 is a maternal and child monitor device. Unauthorized access vulnerabilities exist in several Philips products. An attacker could exploit the vulnerability to access memory from its selected device address (within the same subnet). The following products and versions are affected: Philips IntelliVue Patient Monitors MP2/X2/MP30/MP50/MP70/NP90/MX700/800 Rev. B to Rev. M; IntelliVue Patient Monitors MX400-550 Rev. J to Rev. M; X3/ MX100 M revision; Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 using F.0, G.0 and J.3 software revisions", "sources": [ { "db": "NVD", "id": "CVE-2018-10597" }, { "db": "JVNDB", "id": "JVNDB-2018-006286" }, { "db": "CNVD", "id": "CNVD-2018-11071" }, { "db": "IVD", "id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1" }, { "db": "VULHUB", "id": "VHN-120372" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-10597", "trust": 3.3 }, { "db": "ICS CERT", "id": "ICSMA-18-156-01", "trust": 3.1 }, { "db": "CNVD", "id": "CNVD-2018-11071", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201806-305", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-006286", "trust": 0.8 }, { "db": "IVD", "id": "E2F21E9E-39AB-11E9-AB1D-000C29342CB1", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-120372", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-11071" }, { "db": "VULHUB", "id": "VHN-120372" }, { "db": "JVNDB", "id": "JVNDB-2018-006286" }, { "db": "NVD", "id": "CVE-2018-10597" }, { "db": "CNNVD", "id": "CNNVD-201806-305" } ] }, "id": "VAR-201806-0568", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-11071" }, { "db": "VULHUB", "id": "VHN-120372" } ], "trust": 1.9 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS", "Network device" ], "sub_category": null, "trust": 0.6 }, { "category": [ "ICS" ], "sub_category": null, "trust": 0.2 } ], "sources": [ { "db": "IVD", "id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-11071" } ] }, "last_update_date": "2023-12-18T12:36:45.342000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "https://www.usa.philips.com/healthcare" }, { "title": "Patches for unauthorized access to a number of Philips products", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/131447" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-11071" }, { "db": "JVNDB", "id": "JVNDB-2018-006286" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-287", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-120372" }, { "db": "JVNDB", "id": "JVNDB-2018-006286" }, { "db": "NVD", "id": "CVE-2018-10597" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.1, "url": "https://ics-cert.us-cert.gov/advisories/icsma-18-156-01" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10597" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10597" }, { "trust": 0.6, "url": "https://www.philips.com/productsecurity" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2018-11071" }, { "db": "VULHUB", "id": "VHN-120372" }, { "db": "JVNDB", "id": "JVNDB-2018-006286" }, { "db": "NVD", "id": "CVE-2018-10597" }, { "db": "CNNVD", "id": "CNNVD-201806-305" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1" }, { "db": "CNVD", "id": "CNVD-2018-11071" }, { "db": "VULHUB", "id": "VHN-120372" }, { "db": "JVNDB", "id": "JVNDB-2018-006286" }, { "db": "NVD", "id": "CVE-2018-10597" }, { "db": "CNNVD", "id": "CNNVD-201806-305" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-06-07T00:00:00", "db": "IVD", "id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1" }, { "date": "2018-06-08T00:00:00", "db": "CNVD", "id": "CNVD-2018-11071" }, { "date": "2018-06-05T00:00:00", "db": "VULHUB", "id": "VHN-120372" }, { "date": "2018-08-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-006286" }, { "date": "2018-06-05T20:29:00.827000", "db": "NVD", "id": "CVE-2018-10597" }, { "date": "2018-06-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201806-305" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-06-07T00:00:00", "db": "CNVD", "id": "CNVD-2018-11071" }, { "date": "2020-09-04T00:00:00", "db": "VULHUB", "id": "VHN-120372" }, { "date": "2018-08-15T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-006286" }, { "date": "2021-05-10T15:08:11.710000", "db": "NVD", "id": "CVE-2018-10597" }, { "date": "2020-09-07T00:00:00", "db": "CNNVD", "id": "CNNVD-201806-305" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote or local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201806-305" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "plural Philips Authentication vulnerabilities in products", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-006286" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201806-305" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.