CVE-2019-13546 - Vulnerability Details - OpenCVE

In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Philips	Intellispace Perinatal

Configuration 1 [-]

cpe:2.3:a:philips:intellispace_perinatal:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.us-cert.gov/ics/advisories/icsma-19-297-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2019-10-25T17:54:57

Updated: 2024-08-04T23:57:39.429Z

Reserved: 2019-07-11T00:00:00

Link: CVE-2019-13546

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-10-25T18:15:10.800

Modified: 2024-11-21T04:25:07.223

Link: CVE-2019-13546

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "IntelliSpace Perinatal", "vendor": "n/a", "versions": [{"status": "affected", "version": "Versions K and prior"}]}], "descriptions": [{"lang": "en", "value": "In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-668", "description": "EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-10-25T17:54:57", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsma-19-297-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2019-13546", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "IntelliSpace Perinatal", "version": {"version_data": [{"version_value": "Versions K and prior"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "EXPOSURE OF RESOURCE TO WRONG SPHERE CWE-668"}]}]}, "references": {"reference_data": [{"name": "https://www.us-cert.gov/ics/advisories/icsma-19-297-01", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsma-19-297-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:57:39.429Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.us-cert.gov/ics/advisories/icsma-19-297-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2019-13546", "datePublished": "2019-10-25T17:54:57", "dateReserved": "2019-07-11T00:00:00", "dateUpdated": "2024-08-04T23:57:39.429Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:philips:intellispace_perinatal:*:*:*:*:*:*:*:*", "matchCriteriaId": "37A716EF-35F5-467A-9932-C153BB7A46A4", "versionEndIncluding": "k", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system."}, {"lang": "es", "value": "En IntelliSpace Perinatal, Versiones K y anteriores, una vulnerabilidad dentro del entorno de la aplicaci\u00f3n IntelliSpace Perinatal podr\u00eda permitir que un atacante no autorizado con acceso f\u00edsico a una pantalla de aplicaci\u00f3n bloqueada, o un usuario autorizado de la aplicaci\u00f3n host de sesi\u00f3n de escritorio remoto se libere de la contenci\u00f3n de la aplicaci\u00f3n y acceda a recursos no autorizados desde el sistema operativo Windows como usuario de Windows de acceso limitado. Debido a vulnerabilidades potenciales de Windows, es posible que sean utilizados m\u00e9todos de ataque adicionales para escalar los privilegios sobre el sistema operativo."}], "id": "CVE-2019-13546", "lastModified": "2024-11-21T04:25:07.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-25T18:15:10.800", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsma-19-297-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.us-cert.gov/ics/advisories/icsma-19-297-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}