CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. • http://www.securityfocus.com/bid/105194 • CWE-276: Incorrect Default Permissions • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 9.8 • EPSS: 3% • CPEs: 1 • EXPL: 0

26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution. • http://www.securityfocus.com/bid/105194 • CWE-20: Improper Input Validation

CVSS: 8.8 • EPSS: 1% • CPEs: 1 • EXPL: 0

26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier. • http://www.securityfocus.com/bid/105194 • CWE-384: Session Fixation

CVSS: 7.5 • EPSS: 2% • CPEs: 1 • EXPL: 0

26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended. • http://www.securityfocus.com/bid/105194 • CWE-400: Uncontrolled Resource Consumption

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains a hard-coded cryptographic key, which it uses for encryption of internal data. • http://www.securityfocus.com/bid/105194 • CWE-798: Use of Hard-coded Credentials

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

22 Aug 2018 — In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions. • https://ics-cert.us-cert.gov/advisories/ICSMA-18-226-01 • CWE-269: Improper Privilege Management

CVSS: 6.7 • EPSS: 0% • CPEs: 2 • EXPL: 0

22 Aug 2018 — In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges. • https://ics-cert.us-cert.gov/advisories/ICSMA-18-226-01 • CWE-428: Unquoted Search Path or Element

CVSS: 4.6 • EPSS: 0% • CPEs: 10 • EXPL: 0

22 Aug 2018 — In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by the user. This can lead to buffer overflow or format string vulnerabilities. • http://www.securityfocus.com/bid/105103 • CWE-20: Improper Input Validation • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-134: Use of Externally-Controlled Format String

CVSS: 7.2 • EPSS: 0% • CPEs: 10 • EXPL: 0

22 Aug 2018 — In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords. • http://www.securityfocus.com/bid/105103 • CWE-798: Use of Hard-coded Credentials

CVSS: 8.3 • EPSS: 0% • CPEs: 36 • EXPL: 0

05 Jun 2018 — IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet. • https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01 • CWE-287: Improper Authentication • CWE-787: Out-of-bounds Write