CVE-2018-14789

Опубликовано: 22 авг. 2018

Источник: nvd

CVSS3: 6.7

CVSS2: 4.6

EPSS Низкий

Описание

In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges.

Ссылки

https://ics-cert.us-cert.gov/advisories/ICSMA-18-226-01
Third Party Advisory
US Government Resource
https://www.usa.philips.com/healthcare/about/customer-support/product-security
Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-18-226-01
Third Party Advisory
US Government Resource
https://www.usa.philips.com/healthcare/about/customer-support/product-security
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:philips:intellispace_cardiovascular:*:*:*:*:*:*:*:*

Версия до 3.1 (включая)

cpe:2.3:a:philips:xcelera:*:*:*:*:*:*:*:*

Версия до 4.1 (включая)

EPSS

Процентиль: 41%

0.0019

Низкий

6.7 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-428

Связанные уязвимости

GHSA-j253-q87v-j6h6