7.2

CVE-2019-13530

Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to login via ftp and upload a malicious firmware.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhilipsIntellivue Mp Monitors Mp20-mp90 Firmware Versiona.03.09
   PhilipsM80010a Versiona
   PhilipsM8001a Versiona
   PhilipsM8002a Versiona
   PhilipsM8003a Versiona
   PhilipsM8004a Versiona
   PhilipsM8005a Versiona
   PhilipsM8007a Versiona
   PhilipsM8008a Versiona
PhilipsIntellivue Mp Monitors Mp5/5sc Firmware Versiona.03.09
   PhilipsM8105a Versiona
   PhilipsM8105as Versiona
PhilipsIntellivue Mp Monitors Mp2/x2 Firmware Versiona01.09
   PhilipsM3002a Versionb
   PhilipsM8102a Versionb
PhilipsIntellivue Mp Monitors Mx800/700/600 Firmware Versiona.01.09
   Philips865240 Versionb
   Philips865241 Versionb
   Philips865242 Versionb
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.26% 0.462
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-259 Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://www.us-cert.gov/ics/advisories/icsma-19-255-01
Third Party Advisory
US Government Resource
Mitigation