CVE-2018-14799 - Vulnerability Details

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities.

No CVSS v4.0

No CVSS v3.1

Attack Vector Physical

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Philips	Pagewriter Tc10 Pagewriter Tc10 Firmware Pagewriter Tc20 Pagewriter Tc20 Firmware Pagewriter Tc30 Pagewriter Tc30 Firmware Pagewriter Tc50 Pagewriter Tc50 Firmware Pagewriter Tc70 Pagewriter Tc70 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:philips:pagewriter_tc70_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:pagewriter_tc70:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:philips:pagewriter_tc50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:pagewriter_tc50:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:philips:pagewriter_tc30_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:pagewriter_tc30:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:philips:pagewriter_tc20_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:pagewriter_tc20:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:philips:pagewriter_tc10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:pagewriter_tc10:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/105103
https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01
https://www.usa.philips.com/healthcare/about/customer-support/product-security

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2018-08-22T18:00:00Z

Updated: 2024-09-17T02:52:10.387Z

Reserved: 2018-08-01T00:00:00

Link: CVE-2018-14799

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-08-22T18:29:00.543

Modified: 2024-11-21T03:49:49.167

Link: CVE-2018-14799

Redhat

No data.

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object