7.2

CVE-2018-14801

EPSS 0.1%
Veröffentlicht 22.08.2018 18:29:00
Zuletzt bearbeitet 21.11.2024 03:49:49
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Philips ≫ Pagewriter Tc70 Firmware Version-

Philips ≫ Pagewriter Tc70 Version-

Philips ≫ Pagewriter Tc50 Firmware Version-

Philips ≫ Pagewriter Tc50 Version-

Philips ≫ Pagewriter Tc30 Firmware Version-

Philips ≫ Pagewriter Tc30 Version-

Philips ≫ Pagewriter Tc20 Firmware Version-

Philips ≫ Pagewriter Tc20 Version-

Philips ≫ Pagewriter Tc10 Firmware Version-

Philips ≫ Pagewriter Tc10 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.286

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.2	0.3	5.9	CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.usa.philips.com/healthcare/about/customer-support/product-security

Vendor Advisory

http://www.securityfocus.com/bid/105103

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01

Third Party Advisory

US Government Resource

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-14801

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-14801

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-14801

EUVD