CVE-2018-14799

Опубликовано: 22 авг. 2018

Источник: nvd

CVSS3: 3.7

CVSS2: 4.6

EPSS Низкий

Описание

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities.

Ссылки

http://www.securityfocus.com/bid/105103
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01
Third Party Advisory
US Government Resource
VDB Entry
https://www.usa.philips.com/healthcare/about/customer-support/product-security
Vendor Advisory
http://www.securityfocus.com/bid/105103
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01
Third Party Advisory
US Government Resource
VDB Entry
https://www.usa.philips.com/healthcare/about/customer-support/product-security
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:philips:pagewriter_tc70_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:pagewriter_tc70:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:philips:pagewriter_tc50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:pagewriter_tc50:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:philips:pagewriter_tc30_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:pagewriter_tc30:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:philips:pagewriter_tc20_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:pagewriter_tc20:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:philips:pagewriter_tc10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:pagewriter_tc10:-:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00163

Низкий

3.7 Low

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-20

CWE-119

Связанные уязвимости

GHSA-ccf7-hf4p-q3gc

CVSS3: 3.7

github

больше 3 лет назад

EPSS

Процентиль: 37%

0.00163

Низкий

3.7 Low

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-20

CWE-119