7.2

CVE-2018-14801

EPSS 0.1%
Published 22.08.2018 18:29:00
Last modified 21.11.2024 03:49:49
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Philips ≫ Pagewriter Tc70 Firmware Version-

Philips ≫ Pagewriter Tc70 Version-

Philips ≫ Pagewriter Tc50 Firmware Version-

Philips ≫ Pagewriter Tc50 Version-

Philips ≫ Pagewriter Tc30 Firmware Version-

Philips ≫ Pagewriter Tc30 Version-

Philips ≫ Pagewriter Tc20 Firmware Version-

Philips ≫ Pagewriter Tc20 Version-

Philips ≫ Pagewriter Tc10 Firmware Version-

Philips ≫ Pagewriter Tc10 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.286

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.2	0.3	5.9	CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.usa.philips.com/healthcare/about/customer-support/product-security

Vendor Advisory

http://www.securityfocus.com/bid/105103

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01

Third Party Advisory

US Government Resource

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-14801

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-14801

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-14801

EUVD