CVE-2018-14799
Severity Score
3.7
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities.
En PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs de Philips, en todas las versiones anteriores a mayo de 2018, el dispositivo PageWriter no sanea los datos introducidos por el usuario. Esto puede conducir a vulnerabilidades de desbordamiento de bĂșfer o de cadenas de formato.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-08-01 CVE Reserved
- 2018-08-22 CVE Published
- 2023-08-16 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-134: Use of Externally-Controlled Format String
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105103 | Third Party Advisory | |
| https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.usa.philips.com/healthcare/about/customer-support/product-security | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Philips Search vendor "Philips" | Pagewriter Tc70 Firmware Search vendor "Philips" for product "Pagewriter Tc70 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Pagewriter Tc70 Search vendor "Philips" for product "Pagewriter Tc70" | - | - |
Safe
|
| Philips Search vendor "Philips" | Pagewriter Tc50 Firmware Search vendor "Philips" for product "Pagewriter Tc50 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Pagewriter Tc50 Search vendor "Philips" for product "Pagewriter Tc50" | - | - |
Safe
|
| Philips Search vendor "Philips" | Pagewriter Tc30 Firmware Search vendor "Philips" for product "Pagewriter Tc30 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Pagewriter Tc30 Search vendor "Philips" for product "Pagewriter Tc30" | - | - |
Safe
|
| Philips Search vendor "Philips" | Pagewriter Tc20 Firmware Search vendor "Philips" for product "Pagewriter Tc20 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Pagewriter Tc20 Search vendor "Philips" for product "Pagewriter Tc20" | - | - |
Safe
|
| Philips Search vendor "Philips" | Pagewriter Tc10 Firmware Search vendor "Philips" for product "Pagewriter Tc10 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Pagewriter Tc10 Search vendor "Philips" for product "Pagewriter Tc10" | - | - |
Safe
|