VAR-201808-0382
Vulnerability from variot - Updated: 2024-11-23 22:34In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities. plural Philips PageWriter The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PhilipsPageWriterTC10Cardiograph and other are different types of electrocardiograph equipment from Philips. An attacker could exploit the vulnerability to obtain sensitive information or execute arbitrary code. Failed attempts may lead to a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0382",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pagewriter tc50",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "pagewriter tc20",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "pagewriter tc30",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "pagewriter tc10",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "pagewriter tc70",
"scope": "eq",
"trust": 1.6,
"vendor": "philips",
"version": null
},
{
"model": "pagewriter tc70 cardiograph",
"scope": "eq",
"trust": 0.9,
"vendor": "philips",
"version": "0"
},
{
"model": "pagewriter tc50 cardiograph",
"scope": "eq",
"trust": 0.9,
"vendor": "philips",
"version": "0"
},
{
"model": "pagewriter tc30 cardiograph",
"scope": "eq",
"trust": 0.9,
"vendor": "philips",
"version": "0"
},
{
"model": "pagewriter tc20 cardiograph",
"scope": "eq",
"trust": 0.9,
"vendor": "philips",
"version": "0"
},
{
"model": "pagewriter tc10 cardiograph",
"scope": "eq",
"trust": 0.9,
"vendor": "philips",
"version": "0"
},
{
"model": "pagewriter tc10",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "2018/05"
},
{
"model": "pagewriter tc20",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "2018/05"
},
{
"model": "pagewriter tc30",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "2018/05"
},
{
"model": "pagewriter tc50",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "2018/05"
},
{
"model": "pagewriter tc70",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "2018/05"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pagewriter tc70",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pagewriter tc50",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pagewriter tc30",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pagewriter tc20",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "pagewriter tc10",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e2f8120f-39ab-11e9-8584-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15733"
},
{
"db": "BID",
"id": "105103"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009732"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-566"
},
{
"db": "NVD",
"id": "CVE-2018-14799"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:philips:pagewriter_tc10_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:pagewriter_tc20_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:pagewriter_tc30_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:pagewriter_tc50_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:philips:pagewriter_tc70_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009732"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "105103"
}
],
"trust": 0.3
},
"cve": "CVE-2018-14799",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2018-14799",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2018-15733",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "e2f8120f-39ab-11e9-8584-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-124994",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 0.3,
"id": "CVE-2018-14799",
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-14799",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2018-14799",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2018-15733",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201808-566",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "e2f8120f-39ab-11e9-8584-000c29342cb1",
"trust": 0.2,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-124994",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2f8120f-39ab-11e9-8584-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15733"
},
{
"db": "VULHUB",
"id": "VHN-124994"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009732"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-566"
},
{
"db": "NVD",
"id": "CVE-2018-14799"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities. plural Philips PageWriter The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PhilipsPageWriterTC10Cardiograph and other are different types of electrocardiograph equipment from Philips. An attacker could exploit the vulnerability to obtain sensitive information or execute arbitrary code. Failed attempts may lead to a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-14799"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009732"
},
{
"db": "CNVD",
"id": "CNVD-2018-15733"
},
{
"db": "BID",
"id": "105103"
},
{
"db": "IVD",
"id": "e2f8120f-39ab-11e9-8584-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-124994"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-14799",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSMA-18-228-01",
"trust": 3.4
},
{
"db": "BID",
"id": "105103",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201808-566",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-15733",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009732",
"trust": 0.8
},
{
"db": "IVD",
"id": "E2F8120F-39AB-11E9-8584-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-124994",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2f8120f-39ab-11e9-8584-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15733"
},
{
"db": "VULHUB",
"id": "VHN-124994"
},
{
"db": "BID",
"id": "105103"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009732"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-566"
},
{
"db": "NVD",
"id": "CVE-2018-14799"
}
]
},
"id": "VAR-201808-0382",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2f8120f-39ab-11e9-8584-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15733"
},
{
"db": "VULHUB",
"id": "VHN-124994"
}
],
"trust": 1.7333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2f8120f-39ab-11e9-8584-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15733"
}
]
},
"last_update_date": "2024-11-23T22:34:08.669000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Philips PageWriter TC Series (16-August-2018)",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"title": "A number of Philips products incorrectly verify patches for vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/138011"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15733"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009732"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
},
{
"problemtype": "CWE-119",
"trust": 1.1
},
{
"problemtype": "CWE-134",
"trust": 1.0
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-124994"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009732"
},
{
"db": "NVD",
"id": "CVE-2018-14799"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-228-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105103"
},
{
"trust": 1.7,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14799"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14799"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsma-18-228-01"
},
{
"trust": 0.3,
"url": "http://www.usa.philips.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15733"
},
{
"db": "VULHUB",
"id": "VHN-124994"
},
{
"db": "BID",
"id": "105103"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009732"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-566"
},
{
"db": "NVD",
"id": "CVE-2018-14799"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2f8120f-39ab-11e9-8584-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-15733"
},
{
"db": "VULHUB",
"id": "VHN-124994"
},
{
"db": "BID",
"id": "105103"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-009732"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-566"
},
{
"db": "NVD",
"id": "CVE-2018-14799"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-21T00:00:00",
"db": "IVD",
"id": "e2f8120f-39ab-11e9-8584-000c29342cb1"
},
{
"date": "2018-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15733"
},
{
"date": "2018-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-124994"
},
{
"date": "2018-08-16T00:00:00",
"db": "BID",
"id": "105103"
},
{
"date": "2018-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009732"
},
{
"date": "2018-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-566"
},
{
"date": "2018-08-22T18:29:00.543000",
"db": "NVD",
"id": "CVE-2018-14799"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15733"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-124994"
},
{
"date": "2018-08-16T00:00:00",
"db": "BID",
"id": "105103"
},
{
"date": "2018-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-009732"
},
{
"date": "2020-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201808-566"
},
{
"date": "2024-11-21T03:49:49.167000",
"db": "NVD",
"id": "CVE-2018-14799"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201808-566"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Philips PageWriter Vulnerability related to input validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-009732"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Format string error",
"sources": [
{
"db": "IVD",
"id": "e2f8120f-39ab-11e9-8584-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201808-566"
}
],
"trust": 0.8
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…