CVE-2018-14801
Severity Score
6.2
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords.
En PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs de Philips, en todas las versiones anteriores a mayo de 2018, un atacante con contraseña de superusuario y acceso físico puede introducir dicha contraseña de superusuario que se puede usar acceder y modificar toda la configuración del dispositivo, así como permitir que el usuario reinicie las contraseñas existentes.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-08-01 CVE Reserved
- 2018-08-22 CVE Published
- 2023-08-16 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/105103 | Third Party Advisory | |
| https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.usa.philips.com/healthcare/about/customer-support/product-security | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Philips Search vendor "Philips" | Pagewriter Tc70 Firmware Search vendor "Philips" for product "Pagewriter Tc70 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Pagewriter Tc70 Search vendor "Philips" for product "Pagewriter Tc70" | - | - |
Safe
|
| Philips Search vendor "Philips" | Pagewriter Tc50 Firmware Search vendor "Philips" for product "Pagewriter Tc50 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Pagewriter Tc50 Search vendor "Philips" for product "Pagewriter Tc50" | - | - |
Safe
|
| Philips Search vendor "Philips" | Pagewriter Tc30 Firmware Search vendor "Philips" for product "Pagewriter Tc30 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Pagewriter Tc30 Search vendor "Philips" for product "Pagewriter Tc30" | - | - |
Safe
|
| Philips Search vendor "Philips" | Pagewriter Tc20 Firmware Search vendor "Philips" for product "Pagewriter Tc20 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Pagewriter Tc20 Search vendor "Philips" for product "Pagewriter Tc20" | - | - |
Safe
|
| Philips Search vendor "Philips" | Pagewriter Tc10 Firmware Search vendor "Philips" for product "Pagewriter Tc10 Firmware" | - | - |
Affected
| in | Philips Search vendor "Philips" | Pagewriter Tc10 Search vendor "Philips" for product "Pagewriter Tc10" | - | - |
Safe
|