Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for pagewriter_tc30_firmware by philips

    CVE-2018-14801 (GCVE-0-2018-14801)

    Vulnerability from nvd – Published: 2018-08-22 18:00 – Updated: 2024-09-17 01:36
    VLAI
    Summary
    In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords.
    Severity
    No CVSS data available.
    CWE
    • CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs Affected: All versions prior to May 2018.
    Create a notification for this product.
    Date Public
    2018-08-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.977Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "105103",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105103"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to May 2018."
                }
              ]
            }
          ],
          "datePublic": "2018-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "USE OF HARD-CODED CREDENTIALS CWE-798",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-23T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "105103",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105103"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-08-16T00:00:00",
              "ID": "CVE-2018-14801",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to May 2018."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01"
                },
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "105103",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105103"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-14801",
        "datePublished": "2018-08-22T18:00:00.000Z",
        "dateReserved": "2018-08-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:36:43.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14799 (GCVE-0-2018-14799)

    Vulnerability from nvd – Published: 2018-08-22 18:00 – Updated: 2024-09-17 02:52
    VLAI
    Summary
    In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities.
    Severity
    No CVSS data available.
    CWE
    • CWE-20 - IMPROPER INPUT VALIDATION CWE-20
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs Affected: All versions prior to May 2018.
    Create a notification for this product.
    Date Public
    2018-08-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.905Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "105103",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105103"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to May 2018."
                }
              ]
            }
          ],
          "datePublic": "2018-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "IMPROPER INPUT VALIDATION CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-23T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "105103",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105103"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-08-16T00:00:00",
              "ID": "CVE-2018-14799",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to May 2018."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER INPUT VALIDATION CWE-20"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01"
                },
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "105103",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105103"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-14799",
        "datePublished": "2018-08-22T18:00:00.000Z",
        "dateReserved": "2018-08-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:52:10.387Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14799 (GCVE-0-2018-14799)

    Vulnerability from cvelistv5 – Published: 2018-08-22 18:00 – Updated: 2024-09-17 02:52
    VLAI
    Summary
    In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities.
    Severity
    No CVSS data available.
    CWE
    • CWE-20 - IMPROPER INPUT VALIDATION CWE-20
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs Affected: All versions prior to May 2018.
    Create a notification for this product.
    Date Public
    2018-08-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.905Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "105103",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105103"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to May 2018."
                }
              ]
            }
          ],
          "datePublic": "2018-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "IMPROPER INPUT VALIDATION CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-23T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "105103",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105103"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-08-16T00:00:00",
              "ID": "CVE-2018-14799",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to May 2018."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER INPUT VALIDATION CWE-20"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01"
                },
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "105103",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105103"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-14799",
        "datePublished": "2018-08-22T18:00:00.000Z",
        "dateReserved": "2018-08-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:52:10.387Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-14801 (GCVE-0-2018-14801)

    Vulnerability from cvelistv5 – Published: 2018-08-22 18:00 – Updated: 2024-09-17 01:36
    VLAI
    Summary
    In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords.
    Severity
    No CVSS data available.
    CWE
    • CWE-798 - USE OF HARD-CODED CREDENTIALS CWE-798
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs Affected: All versions prior to May 2018.
    Create a notification for this product.
    Date Public
    2018-08-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T09:38:13.977Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "105103",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105103"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "All versions prior to May 2018."
                }
              ]
            }
          ],
          "datePublic": "2018-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "USE OF HARD-CODED CREDENTIALS CWE-798",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-23T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "105103",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105103"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-08-16T00:00:00",
              "ID": "CVE-2018-14801",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All versions prior to May 2018."
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01"
                },
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "105103",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105103"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-14801",
        "datePublished": "2018-08-22T18:00:00.000Z",
        "dateReserved": "2018-08-01T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:36:43.400Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }