CVE-2018-14801

Опубликовано: 22 авг. 2018

Источник: nvd

CVSS3: 6.2

CVSS2: 7.2

EPSS Низкий

Описание

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords.

Ссылки

http://www.securityfocus.com/bid/105103
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01
Third Party Advisory
US Government Resource
VDB Entry
https://www.usa.philips.com/healthcare/about/customer-support/product-security
Vendor Advisory
http://www.securityfocus.com/bid/105103
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01
Third Party Advisory
US Government Resource
VDB Entry
https://www.usa.philips.com/healthcare/about/customer-support/product-security
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:philips:pagewriter_tc70_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:pagewriter_tc70:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:philips:pagewriter_tc50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:pagewriter_tc50:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:philips:pagewriter_tc30_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:pagewriter_tc30:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:philips:pagewriter_tc20_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:pagewriter_tc20:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:philips:pagewriter_tc10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:pagewriter_tc10:-:*:*:*:*:*:*:*

EPSS

Процентиль: 28%

0.00102

Низкий

6.2 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-v52g-8mcm-r52h

CVSS3: 6.2

github

больше 3 лет назад

EPSS

Процентиль: 28%

0.00102

Низкий

6.2 Medium

CVSS3

7.2 High

CVSS2

Дефекты

CWE-798