VAR-201811-0099
Vulnerability from variot - Updated: 2024-11-23 23:04Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system. Philips iSite PACS and IntelliSpace PACS Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An access bypass vulnerability exists in Philips iSite PACS and IntelliSpace PACS that an attacker can use to control the components of the system. Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201811-0099",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "isite pacs",
"scope": null,
"trust": 1.4,
"vendor": "philips",
"version": null
},
{
"model": "intellispace pacs",
"scope": null,
"trust": 1.4,
"vendor": "philips",
"version": null
},
{
"model": "intellispace pacs",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "*"
},
{
"model": "isite pacs",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "*"
},
{
"model": "isite pacs",
"scope": "eq",
"trust": 0.3,
"vendor": "philips",
"version": "0"
},
{
"model": "intellispace pacs",
"scope": "eq",
"trust": 0.3,
"vendor": "philips",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "intellispace pacs",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "isite pacs",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d82d141-463f-11e9-bb42-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26105"
},
{
"db": "BID",
"id": "105875"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014176"
},
{
"db": "NVD",
"id": "CVE-2018-17906"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:philips:intellispace_pacs",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:philips:isite_pacs",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014176"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "105875"
}
],
"trust": 0.3
},
"cve": "CVE-2018-17906",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2018-17906",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2018-26105",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "7d82d141-463f-11e9-bb42-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-128412",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-17906",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-17906",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-17906",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-17906",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-26105",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201811-201",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d82d141-463f-11e9-bb42-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-128412",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d82d141-463f-11e9-bb42-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26105"
},
{
"db": "VULHUB",
"id": "VHN-128412"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014176"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-201"
},
{
"db": "NVD",
"id": "CVE-2018-17906"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system. Philips iSite PACS and IntelliSpace PACS Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An access bypass vulnerability exists in Philips iSite PACS and IntelliSpace PACS that an attacker can use to control the components of the system. \nSuccessfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17906"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014176"
},
{
"db": "CNVD",
"id": "CNVD-2018-26105"
},
{
"db": "BID",
"id": "105875"
},
{
"db": "IVD",
"id": "7d82d141-463f-11e9-bb42-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-128412"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17906",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSMA-18-312-01",
"trust": 3.4
},
{
"db": "BID",
"id": "105875",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201811-201",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2018-26105",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014176",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D82D141-463F-11E9-BB42-000C29342CB1",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-98859",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-128412",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d82d141-463f-11e9-bb42-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26105"
},
{
"db": "VULHUB",
"id": "VHN-128412"
},
{
"db": "BID",
"id": "105875"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014176"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-201"
},
{
"db": "NVD",
"id": "CVE-2018-17906"
}
]
},
"id": "VAR-201811-0099",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d82d141-463f-11e9-bb42-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26105"
},
{
"db": "VULHUB",
"id": "VHN-128412"
}
],
"trust": 1.525
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "7d82d141-463f-11e9-bb42-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26105"
}
]
},
"last_update_date": "2024-11-23T23:04:56.760000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.philips.com/global"
},
{
"title": "Philips iSite PACS and IntelliSpace PACS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86673"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014176"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-201"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-1188",
"trust": 1.0
},
{
"problemtype": "CWE-521",
"trust": 1.0
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128412"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014176"
},
{
"db": "NVD",
"id": "CVE-2018-17906"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-18-312-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105875"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17906"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17906"
},
{
"trust": 0.3,
"url": "http://www.usa.philips.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-26105"
},
{
"db": "VULHUB",
"id": "VHN-128412"
},
{
"db": "BID",
"id": "105875"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014176"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-201"
},
{
"db": "NVD",
"id": "CVE-2018-17906"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d82d141-463f-11e9-bb42-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-26105"
},
{
"db": "VULHUB",
"id": "VHN-128412"
},
{
"db": "BID",
"id": "105875"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014176"
},
{
"db": "CNNVD",
"id": "CNNVD-201811-201"
},
{
"db": "NVD",
"id": "CVE-2018-17906"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-21T00:00:00",
"db": "IVD",
"id": "7d82d141-463f-11e9-bb42-000c29342cb1"
},
{
"date": "2018-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-26105"
},
{
"date": "2018-11-19T00:00:00",
"db": "VULHUB",
"id": "VHN-128412"
},
{
"date": "2018-11-08T00:00:00",
"db": "BID",
"id": "105875"
},
{
"date": "2019-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014176"
},
{
"date": "2018-11-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-201"
},
{
"date": "2018-11-19T20:29:00.703000",
"db": "NVD",
"id": "CVE-2018-17906"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-26105"
},
{
"date": "2020-09-18T00:00:00",
"db": "VULHUB",
"id": "VHN-128412"
},
{
"date": "2018-11-08T00:00:00",
"db": "BID",
"id": "105875"
},
{
"date": "2019-03-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014176"
},
{
"date": "2020-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201811-201"
},
{
"date": "2024-11-21T03:55:10.910000",
"db": "NVD",
"id": "CVE-2018-17906"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-201"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips iSite PACS and IntelliSpace PACS Vulnerabilities related to certificate and password management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014176"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201811-201"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…