CVE-2018-10597 (GCVE-0-2018-10597)
Vulnerability from cvelistv5 – Published: 2018-06-05 20:00 – Updated: 2024-09-16 23:46
- CWE-287 - IMPROPER AUTHENTICATION CWE-287
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| ICS-CERT | IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors | Affected: The following IntelliVue Patient Monitors versions are affected: IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, and IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only). The following Avalon Fetal/Maternal Monitors versions are affected: Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:39:08.450Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "The following IntelliVue Patient Monitors versions are affected: IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, and IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only). The following Avalon Fetal/Maternal Monitors versions are affected: Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3"
}
]
}
],
"datePublic": "2018-06-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory (\"write-what-where\") from an attacker-chosen device address within the same subnet."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "IMPROPER AUTHENTICATION CWE-287",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-05T19:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-06-05T00:00:00",
"ID": "CVE-2018-10597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors",
"version": {
"version_data": [
{
"version_value": "The following IntelliVue Patient Monitors versions are affected: IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, and IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only). The following Avalon Fetal/Maternal Monitors versions are affected: Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory (\"write-what-where\") from an attacker-chosen device address within the same subnet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2018-10597",
"datePublished": "2018-06-05T20:00:00.000Z",
"dateReserved": "2018-05-01T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:46:22.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-10597",
"date": "2026-05-25",
"epss": "0.00126",
"percentile": "0.31366"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-10597\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2018-06-05T20:29:00.827\",\"lastModified\":\"2024-11-21T03:41:37.970\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory (\\\"write-what-where\\\") from an attacker-chosen device address within the same subnet.\"},{\"lang\":\"es\",\"value\":\"IntelliVue Patient Monitors MP Series (incluyendo MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M y (X3/MX100 solo para Rev M) y Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 con software Revisions F.0, G.0 y J.3 tienen una vulnerabilidad que permite que un atacante no autenticado acceda a memoria (\\\"write-what-where\\\") desde una direcci\u00f3n del dispositivo escogida por el atacante en la misma 
subred.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":5.4,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":5.5,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4DC680B-B8F8-4FAA-B4C3-D36003BDDCCA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mp2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9178E4C-8965-496C-9FF7-1DF87371DC48\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_x2
_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E42604C2-7CB6-42AC-9272-CFABFC4DC85A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_x2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29626D40-46F7-485F-A700-070424820F16\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"314F12E4-D613-43C4-9B14-5FC9F598AD55\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mp30:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E089B9E5-8B28-4DBA-A5D0-B6BBB7D5F3E8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EE71984-367F-428F-AD0E-D168F76A2002\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mp50:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7216177F-179D-451E-ABC3-C1843AF0D35F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41A04EC9-FAC7-4C36-8E95-4BDC1E0702FB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mp70:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3F608D38-1096-41F9-9EB5-854C79068144\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_np90_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A47C624-AF39-4BE2-9484-54A5E51A784B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h
:philips:intellivue_np90:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C202FA49-1CC4-46E6-AA11-3EAB17008AA2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43C2466F-A371-4386-B098-F724D5CD14CB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDF21FA3-9650-442F-8E13-281A9975C47B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9C6A5F3-C845-4561-A451-DC3C966E8D8C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C38B732B-8629-40FE-A333-E69A7F2CFB18\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F21718-A0DE-419E-B82D-447ADC337E30\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27B8D0E2-316A-45E5-8FC1-AE70F07DB7FA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mx450_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C337EAF0-41E9-4BF3-8483-6FC74EA93B5A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mx450:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E73CF245-4519-4F35-A5EE-74981E0BDB9F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,
\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mx500_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E119897D-9FB5-461C-8463-EBA3CFC87855\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mx500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0CEB056-7422-4E4E-86A5-D58311129788\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D72DF93-DF02-411D-80BE-85286F553B1E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B03E7D9-01DC-492F-BA52-9165E78BE498\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"708EB7F4-9747-4B0C-937D-F1ED07300FAE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_x3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F68AF067-6802-40E7-9D34-03D83D9F3E77\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D7C4F77-6005-4AAA-83CA-CA9F60043A7A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D2A5BBF-C360-4281-AD34-C0941831DA64\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:avalon_fetal\\\\/maternal_monitors_fm20_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3834798-6741-4274-B5C5-0CA2C
13A7B12\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:avalon_fetal\\\\/maternal_monitors_fm20:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A418F05-18B3-405E-A62C-4D9677C297DB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:avalon_fetal\\\\/maternal_monitors_fm30_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5634CF44-3593-4D58-8B72-D3DA253530F8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:avalon_fetal\\\\/maternal_monitors_fm30:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C74CF2F-501F-4D18-82C7-4D25D42905E7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:avalon_fetal\\\\/maternal_monitors_fm40_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55DCC271-9428-4A34-B2C8-DA3CCB74D2DD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:avalon_fetal\\\\/maternal_monitors_fm40:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FD8C562-C918-47DF-AFEB-4CFA53DE3D22\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:avalon_fetal\\\\/maternal_monitors_fm50_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AB9A60A-D567-4B7A-A73A-AA566CAD739A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:avalon_fetal\\\\/maternal_monitors_fm50:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D192DA1-C9F4-4666-B0E3-6B0529E3BF3B\"}]}]}],\"references\":[{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government 
Resource\"]},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
CNVD-2018-11071
Vulnerability from cnvd - Published: 2018-06-08
目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页: https://www.philips.com
| Name | ['Philips Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 F.0', 'Philips Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 G.0', 'Philips Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 J.3', 'Philips IntelliVue Patient Monitors MP2/X2/MP30/MP50/MP70/NP90/MX700/800 >=B,<=M', 'Philips IntelliVue Patient Monitors MX400-550 >=J,<=M', 'Philips IntelliVue Patient MonitorsX3/MX100 M'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2018-10597"
}
},
"description": "Philips IntelliVue Patient Monitors MP2\u7b49\u90fd\u662f\u8377\u5170\u98de\u5229\u6d66\uff08Philips\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Philips IntelliVue Patient Monitors MP2\u662f\u4e00\u6b3eMP\u7cfb\u5217\u7684\u75c5\u4eba\u76d1\u62a4\u4eea\u8bbe\u5907\u3002Avalon Fetal/Maternal Monitors FM20\u662f\u4e00\u6b3e\u6bcd\u5a74\u76d1\u62a4\u4eea\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3ePhilips\u4ea7\u54c1\u4e2d\u5b58\u5728\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u5176\u9009\u5b9a\u7684\u8bbe\u5907\u5730\u5740\uff08\u540c\u4e00\u5b50\u7f51\u7edc\u5185\uff09\u4e2d\u8bbf\u95ee\u5185\u5b58\u3002",
"discovererName": "Oran Avraham",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.philips.com",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-11071",
"openTime": "2018-06-08",
"patchDescription": "Philips IntelliVue Patient Monitors MP2\u7b49\u90fd\u662f\u8377\u5170\u98de\u5229\u6d66\uff08Philips\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Philips IntelliVue Patient Monitors MP2\u662f\u4e00\u6b3eMP\u7cfb\u5217\u7684\u75c5\u4eba\u76d1\u62a4\u4eea\u8bbe\u5907\u3002Avalon Fetal/Maternal Monitors FM20\u662f\u4e00\u6b3e\u6bcd\u5a74\u76d1\u62a4\u4eea\u8bbe\u5907\u3002\r\n\r\n\u591a\u6b3ePhilips\u4ea7\u54c1\u4e2d\u5b58\u5728\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u5176\u9009\u5b9a\u7684\u8bbe\u5907\u5730\u5740\uff08\u540c\u4e00\u5b50\u7f51\u7edc\u5185\uff09\u4e2d\u8bbf\u95ee\u5185\u5b58\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3ePhilips\u4ea7\u54c1\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Philips Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 F.0",
"Philips Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 G.0",
"Philips Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 J.3",
"Philips IntelliVue Patient Monitors MP2/X2/MP30/MP50/MP70/NP90/MX700/800 \u003e=B\uff0c\u003c=M",
"Philips IntelliVue Patient Monitors MX400-550 \u003e=J\uff0c\u003c=M",
"Philips IntelliVue Patient MonitorsX3/MX100 M"
]
},
"referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01\r\nhttps://www.philips.com/productsecurity",
"serverity": "\u4e2d",
"submitTime": "2018-06-06",
"title": "\u591a\u6b3ePhilips\u4ea7\u54c1\u672a\u6388\u6743\u8bbf\u95ee\u6f0f\u6d1e"
}
FKIE_CVE-2018-10597
Vulnerability from fkie_nvd - Published: 2018-06-05 20:29 - Updated: 2024-11-21 03:41
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01 | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4DC680B-B8F8-4FAA-B4C3-D36003BDDCCA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:intellivue_mp2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9178E4C-8965-496C-9FF7-1DF87371DC48",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E42604C2-7CB6-42AC-9272-CFABFC4DC85A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:intellivue_x2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29626D40-46F7-485F-A700-070424820F16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "314F12E4-D613-43C4-9B14-5FC9F598AD55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:intellivue_mp30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E089B9E5-8B28-4DBA-A5D0-B6BBB7D5F3E8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EE71984-367F-428F-AD0E-D168F76A2002",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:intellivue_mp50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7216177F-179D-451E-ABC3-C1843AF0D35F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "41A04EC9-FAC7-4C36-8E95-4BDC1E0702FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:intellivue_mp70:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F608D38-1096-41F9-9EB5-854C79068144",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:intellivue_np90_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A47C624-AF39-4BE2-9484-54A5E51A784B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:intellivue_np90:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C202FA49-1CC4-46E6-AA11-3EAB17008AA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43C2466F-A371-4386-B098-F724D5CD14CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DDF21FA3-9650-442F-8E13-281A9975C47B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C6A5F3-C845-4561-A451-DC3C966E8D8C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C38B732B-8629-40FE-A333-E69A7F2CFB18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58F21718-A0DE-419E-B82D-447ADC337E30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27B8D0E2-316A-45E5-8FC1-AE70F07DB7FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:intellivue_mx450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C337EAF0-41E9-4BF3-8483-6FC74EA93B5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:intellivue_mx450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E73CF245-4519-4F35-A5EE-74981E0BDB9F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:intellivue_mx500_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E119897D-9FB5-461C-8463-EBA3CFC87855",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:intellivue_mx500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0CEB056-7422-4E4E-86A5-D58311129788",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D72DF93-DF02-411D-80BE-85286F553B1E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B03E7D9-01DC-492F-BA52-9165E78BE498",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "708EB7F4-9747-4B0C-937D-F1ED07300FAE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:intellivue_x3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F68AF067-6802-40E7-9D34-03D83D9F3E77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7C4F77-6005-4AAA-83CA-CA9F60043A7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0D2A5BBF-C360-4281-AD34-C0941831DA64",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm20_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3834798-6741-4274-B5C5-0CA2C13A7B12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A418F05-18B3-405E-A62C-4D9677C297DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm30_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5634CF44-3593-4D58-8B72-D3DA253530F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C74CF2F-501F-4D18-82C7-4D25D42905E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm40_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55DCC271-9428-4A34-B2C8-DA3CCB74D2DD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm40:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FD8C562-C918-47DF-AFEB-4CFA53DE3D22",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm50_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB9A60A-D567-4B7A-A73A-AA566CAD739A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D192DA1-C9F4-4666-B0E3-6B0529E3BF3B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory (\"write-what-where\") from an attacker-chosen device address within the same subnet."
},
{
"lang": "es",
"value": "IntelliVue Patient Monitors MP Series (incluyendo MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M y (X3/MX100 solo para Rev M) y Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 con software Revisions F.0, G.0 y J.3 tienen una vulnerabilidad que permite que un atacante no autenticado acceda a memoria (\"write-what-where\") desde una direcci\u00f3n del dispositivo escogida por el atacante en la misma subred."
}
],
"id": "CVE-2018-10597",
"lastModified": "2024-11-21T03:41:37.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-05T20:29:00.827",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-4G7J-FJGW-F3QW
Vulnerability from github – Published: 2022-05-13 01:10 – Updated: 2022-05-13 01:10
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet.
{
"affected": [],
"aliases": [
"CVE-2018-10597"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-05T20:29:00Z",
"severity": "HIGH"
},
"details": "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory (\"write-what-where\") from an attacker-chosen device address within the same subnet.",
"id": "GHSA-4g7j-fjgw-f3qw",
"modified": "2022-05-13T01:10:21Z",
"published": "2022-05-13T01:10:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10597"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-10597
Vulnerability from gsd - Updated: 2023-12-13 01:22
{
"GSD": {
"alias": "CVE-2018-10597",
"description": "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory (\"write-what-where\") from an attacker-chosen device address within the same subnet.",
"id": "GSD-2018-10597"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-10597"
],
"details": "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory (\"write-what-where\") from an attacker-chosen device address within the same subnet.",
"id": "GSD-2018-10597",
"modified": "2023-12-13T01:22:41.546717Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-06-05T00:00:00",
"ID": "CVE-2018-10597",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors",
"version": {
"version_data": [
{
"version_value": "The following IntelliVue Patient Monitors versions are affected: IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, and IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only). The following Avalon Fetal/Maternal Monitors versions are affected: Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory (\"write-what-where\") from an attacker-chosen device address within the same subnet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_x2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mp70:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_np90_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_np90:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx450_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx450:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx500_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_x3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm20_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm20:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm30_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm30:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm40_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm40:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:philips:avalon_fetal\\/maternal_monitors_fm50_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:philips:avalon_fetal\\/maternal_monitors_fm50:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-10597"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory (\"write-what-where\") from an attacker-chosen device address within the same subnet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
},
"lastModifiedDate": "2021-05-10T15:08Z",
"publishedDate": "2018-06-05T20:29Z"
}
}
}
ICSMA-18-156-01
Vulnerability from csaf_cisa - Published: 2018-06-05 00:00 - Updated: 2018-06-05 00:00
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50: with software Revisions F.0 G.0 and J.3
Philips / Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50
|
F.0.G.0 | J.3 |
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
|
|
|
IntelliVue Patient Monitors MX (MX400-550): Rev J-M and (X3/MX100 for Rev M only)
Philips / IntelliVue Patient Monitors MX (MX400-550)
|
Rev J-M | (X3/MX100 for Rev M only) |
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
|
|
|
IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800): Rev B-M
Philips / IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800)
|
Rev B-M |
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50: with software Revisions F.0 G.0 and J.3
Philips / Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50
|
F.0.G.0 | J.3 |
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
|
|
|
IntelliVue Patient Monitors MX (MX400-550): Rev J-M and (X3/MX100 for Rev M only)
Philips / IntelliVue Patient Monitors MX (MX400-550)
|
Rev J-M | (X3/MX100 for Rev M only) |
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
|
|
|
IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800): Rev B-M
Philips / IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800)
|
Rev B-M |
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50: with software Revisions F.0 G.0 and J.3
Philips / Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50
|
F.0.G.0 | J.3 |
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
|
|
|
IntelliVue Patient Monitors MX (MX400-550): Rev J-M and (X3/MX100 for Rev M only)
Philips / IntelliVue Patient Monitors MX (MX400-550)
|
Rev J-M | (X3/MX100 for Rev M only) |
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
|
|
|
IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800): Rev B-M
Philips / IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800)
|
Rev B-M |
Vendor Fix
Vendor Fix
fix
Vendor Fix
Vendor Fix
fix
Vendor Fix
|
{
"document": {
"acknowledgments": [
{
"names": [
"Oran Avraham"
],
"organization": "Medigate",
"summary": "reporting these vulnerabilities to NCCIC"
},
{
"organization": "Philips",
"summary": "reporting these vulnerabilities to NCCIC"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation may allow an attacker to read/write memory, and/or induce a denial of service through a system restart, thus potentially leading to a delay in diagnosis and treatment of patients.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Healthcare and Public Health",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Netherlands",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities. These vulnerabilities are exploitable from within the same local device subnet. High skill level is needed to exploit.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSMA-18-156-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsma-18-156-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSMA-18-156-01 Web Version",
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-156-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-156-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/content/recommended-practices"
}
],
"title": "Philips\u0027 IntelliVue Patient and Avalon Fetal Monitors",
"tracking": {
"current_release_date": "2018-06-05T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSMA-18-156-01",
"initial_release_date": "2018-06-05T00:00:00.000000Z",
"revision_history": [
{
"date": "2018-06-05T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSMA-18-156-01 Philips\u0027 IntelliVue Patient and Avalon Fetal Monitors"
},
{
"date": "2018-06-05T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSMA-18-156-01 Philips\u0027 IntelliVue Patient and Avalon Fetal Monitors (Update A)"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "F.0.G.0 | J.3",
"product": {
"name": "Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50: with software Revisions F.0 G.0 and J.3",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev J-M | (X3/MX100 for Rev M only)",
"product": {
"name": "IntelliVue Patient Monitors MX (MX400-550): Rev J-M and (X3/MX100 for Rev M only)",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "IntelliVue Patient Monitors MX (MX400-550)"
},
{
"branches": [
{
"category": "product_version",
"name": "Rev B-M",
"product": {
"name": "IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800): Rev B-M",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800)"
}
],
"category": "vendor",
"name": "Philips"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10597",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "The vulnerability allows an unauthenticated attacker to access memory (write-what-where) from an attacker-chosen device address within the same subnet. CVE-2018-10597 has been assigned to this vulnerability. A CVSS v3 base score of 8.3 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10597"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips will provide a remediation patch for specific supported versions, as well as an upgrade path for all versions. Philips will communicate service options to all affected install-base users. Philips recommends users obtain associated field change and service bulletin information from Philips by accessing their InCenter account at this location:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "http://incenter.medical.philips.com (link is external).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest public security information on this matter and for other Philips products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "https://www.philips.com/productsecurity (link is external).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Philips provides the following mitigations for these vulnerabilities:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
},
{
"cve": "CVE-2018-10599",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "The vulnerability allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet. CVE-2018-10599 has been assigned to this vulnerability. A CVSS v3 base score of 6.4 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10599"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips will provide a remediation patch for specific supported versions, as well as an upgrade path for all versions. Philips will communicate service options to all affected install-base users. Philips recommends users obtain associated field change and service bulletin information from Philips by accessing their InCenter account at this location:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "http://incenter.medical.philips.com (link is external).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest public security information on this matter and for other Philips products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "https://www.philips.com/productsecurity (link is external).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Philips provides the following mitigations for these vulnerabilities:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
},
{
"cve": "CVE-2018-10601",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "summary",
"text": "The vulnerability exposes an echo service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow. CVE-2018-10601 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10601"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Philips will provide a remediation patch for specific supported versions, as well as an upgrade path for all versions. Philips will communicate service options to all affected install-base users. Philips recommends users obtain associated field change and service bulletin information from Philips by accessing their InCenter account at this location:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "http://incenter.medical.philips.com (link is external).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "http://incenter.medical.philips.com"
},
{
"category": "vendor_fix",
"details": "Please see the Philips product security website for the latest public security information on this matter and for other Philips products:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "https://www.philips.com/productsecurity (link is external).",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
],
"url": "https://www.philips.com/productsecurity"
},
{
"category": "vendor_fix",
"details": "Philips provides the following mitigations for these vulnerabilities:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003"
]
}
]
}
]
}
VAR-201806-0568
Vulnerability from variot - Updated: 2024-11-23 22:55
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet. Multiple Philips products contain authentication vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). Philips IntelliVue Patient Monitors MP2 and the other listed devices are all products of the Dutch company Philips. The Philips IntelliVue Patient Monitors MP2 is an MP series patient monitor device. The Avalon Fetal/Maternal Monitors FM20 is a maternal and child monitor device. Unauthorized access vulnerabilities exist in several Philips products. An attacker could exploit the vulnerability to access memory from an attacker-chosen device address (within the same subnet). The following products and versions are affected: Philips IntelliVue Patient Monitors MP2/X2/MP30/MP50/MP70/NP90/MX700/800 Rev. B to Rev. M; IntelliVue Patient Monitors MX400-550 Rev. J to Rev. M; X3/MX100 Rev. M; Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 using F.0, G.0 and J.3 software revisions.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201806-0568",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "avalon fetal\\/maternal monitors fm20",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal\\/maternal monitors fm40",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal\\/maternal monitors fm30",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal\\/maternal monitors fm50",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx450",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp30",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp50",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue x2",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx550",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx800",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp2",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx700",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mp70",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx500",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue x3",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx400",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue np90",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "intellivue mx100",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm20",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm30",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm40",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm50",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp2",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp30",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp50",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp70",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx100",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx400",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx450",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx500",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx550",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx700",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx800",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors np90",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors x2",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors x3",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm20/fm30/fm40/fm50 f.0",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm20/fm30/fm40/fm50 g.0",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "avalon fetal/maternal monitors fm20/fm30/fm40/fm50 j.3",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mp2/x2/mp30/mp50/mp70/np90/mx700/800 \u003e=b,\u003c=m",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx400-550 \u003e=j,\u003c=m",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitorsx3/mx100 m",
"scope": null,
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx800",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx550",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors x3",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx500",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx100",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": "intellivue patient monitors mx450",
"scope": "eq",
"trust": 0.6,
"vendor": "philips",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mp2",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx450",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx500",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx550",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors x3",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx100",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "avalon fetal maternal monitors fm20",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "avalon fetal maternal monitors fm30",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "avalon fetal maternal monitors fm40",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "avalon fetal maternal monitors fm50",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors x2",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mp30",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mp50",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mp70",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors np90",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx700",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx800",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellivue patient monitors mx400",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-305"
},
{
"db": "NVD",
"id": "CVE-2018-10597"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:philips:avalon_fetal%2fmaternal_monitors_fm20_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:avalon_fetal%2fmaternal_monitors_fm30_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:avalon_fetal%2fmaternal_monitors_fm40_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:avalon_fetal%2fmaternal_monitors_fm50_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:intellivue_patient_monitors_mp2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:intellivue_patient_monitors_mp30_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:intellivue_patient_monitors_mp50_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:intellivue_patient_monitors_mp70_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:intellivue_patient_monitors_mx100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:intellivue_patient_monitors_mx400_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:intellivue_patient_monitors_mx450_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:intellivue_patient_monitors_mx500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:intellivue_patient_monitors_mx550_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:intellivue_patient_monitors_mx700_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:intellivue_patient_monitors_mx800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:intellivue_patient_monitors_np90_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:intellivue_patient_monitors_x2_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:intellivue_patient_monitors_x3_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
}
]
},
"cve": "CVE-2018-10597",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2018-10597",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-11071",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "VHN-120372",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2018-10597",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-10597",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-10597",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-10597",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-11071",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201806-305",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-120372",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"db": "VULHUB",
"id": "VHN-120372"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-305"
},
{
"db": "NVD",
"id": "CVE-2018-10597"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory (\"write-what-where\") from an attacker-chosen device address within the same subnet. plural Philips The product contains authentication vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips IntelliVuePatientMonitorsMP2 and so on are all products of the Dutch company Philips. The Philips IntelliVuePatientMonitors MP2 is an MP series patient monitor device. The AvalonFetal/MaternalMonitorsFM20 is a maternal and child monitor device. Unauthorized access vulnerabilities exist in several Philips products. An attacker could exploit the vulnerability to access memory from its selected device address (within the same subnet). The following products and versions are affected: Philips IntelliVue Patient Monitors MP2/X2/MP30/MP50/MP70/NP90/MX700/800 Rev. B to Rev. M; IntelliVue Patient Monitors MX400-550 Rev. J to Rev. M; X3/ MX100 M revision; Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 using F.0, G.0 and J.3 software revisions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10597"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"db": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-120372"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10597",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-18-156-01",
"trust": 3.1
},
{
"db": "CNVD",
"id": "CNVD-2018-11071",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201806-305",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F21E9E-39AB-11E9-AB1D-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-120372",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"db": "VULHUB",
"id": "VHN-120372"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-305"
},
{
"db": "NVD",
"id": "CVE-2018-10597"
}
]
},
"id": "VAR-201806-0568",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"db": "VULHUB",
"id": "VHN-120372"
}
],
"trust": 1.9
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11071"
}
]
},
"last_update_date": "2024-11-23T22:55:52.292000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare"
},
{
"title": "Patches for unauthorized access to a number of Philips products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/131447"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
},
{
"problemtype": "CWE-787",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-120372"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"db": "NVD",
"id": "CVE-2018-10597"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-156-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10597"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10597"
},
{
"trust": 0.6,
"url": "https://www.philips.com/productsecurity"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"db": "VULHUB",
"id": "VHN-120372"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-305"
},
{
"db": "NVD",
"id": "CVE-2018-10597"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"db": "VULHUB",
"id": "VHN-120372"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"db": "CNNVD",
"id": "CNNVD-201806-305"
},
{
"db": "NVD",
"id": "CVE-2018-10597"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-07T00:00:00",
"db": "IVD",
"id": "e2f21e9e-39ab-11e9-ab1d-000c29342cb1"
},
{
"date": "2018-06-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"date": "2018-06-05T00:00:00",
"db": "VULHUB",
"id": "VHN-120372"
},
{
"date": "2018-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"date": "2018-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-305"
},
{
"date": "2018-06-05T20:29:00.827000",
"db": "NVD",
"id": "CVE-2018-10597"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-06-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-11071"
},
{
"date": "2020-09-04T00:00:00",
"db": "VULHUB",
"id": "VHN-120372"
},
{
"date": "2018-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-006286"
},
{
"date": "2020-09-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201806-305"
},
{
"date": "2024-11-21T03:41:37.970000",
"db": "NVD",
"id": "CVE-2018-10597"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-305"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Philips Authentication vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-006286"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201806-305"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.