OpenCVE

Vendors	Products
Philips	Intellivue Mx40 Intellivue Mx40 Firmware

Link	Providers
http://www.securityfocus.com/bid/100813
https://ics-cert.us-cert.gov/advisories/ICSMA-17-255-01
https://www.usa.philips.com/healthcare/about/customer-support/product-security

{"containers": {"cna": {"affected": [{"product": "IntelliVue MX40 Patient Worn Monitor", "vendor": "Philips", "versions": [{"status": "affected", "version": "IntelliVue MX40 Patient Worn Monitor (WLAN only), all versions prior to Version B.06.18"}]}], "datePublic": "2017-09-12T00:00:00", "descriptions": [{"lang": "en", "value": "Certain 802.11 network management messages have been determined to invoke wireless access point blacklisting security defenses when not required, which can necessitate intervention by hospital staff to reset the device and reestablish a network connection to the Wi-Fi access point. During this state, the Philips IntelliVue MX40 Version B.06.18 can either connect to an alternative access point within signal range for association to a central monitoring station, or it can remain in local monitoring mode until the device is reset by hospital staff. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station, when the MX40 disconnects from the access point."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-755", "description": "Improper handling of exceptional conditions CWE-755", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-05-01T09:57:01", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"}, {"name": "100813", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/100813"}, {"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-255-01"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2017-09-12T00:00:00", "ID": "CVE-2017-9658", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "IntelliVue MX40 Patient Worn Monitor", "version": {"version_data": [{"version_value": "IntelliVue MX40 Patient Worn Monitor (WLAN only), all versions prior to Version B.06.18"}]}}]}, "vendor_name": "Philips"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Certain 802.11 network management messages have been determined to invoke wireless access point blacklisting security defenses when not required, which can necessitate intervention by hospital staff to reset the device and reestablish a network connection to the Wi-Fi access point. During this state, the Philips IntelliVue MX40 Version B.06.18 can either connect to an alternative access point within signal range for association to a central monitoring station, or it can remain in local monitoring mode until the device is reset by hospital staff. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station, when the MX40 disconnects from the access point."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper handling of exceptional conditions CWE-755"}]}]}, "references": {"reference_data": [{"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security", "refsource": "CONFIRM", "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"}, {"name": "100813", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100813"}, {"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-255-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-255-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:18:01.182Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"}, {"name": "100813", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/100813"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-255-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2017-9658", "datePublished": "2018-04-30T15:00:00Z", "dateReserved": "2017-06-14T00:00:00", "dateUpdated": "2024-09-16T17:15:12.054Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:philips:intellivue_mx40_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "493FB2C6-0962-4E8E-BB55-BB02072BEA3B", "versionEndExcluding": "b.06.18", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:philips:intellivue_mx40:-:*:*:*:*:*:*:*", "matchCriteriaId": "71C26579-482B-4B19-8C5E-71A26A059894", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Certain 802.11 network management messages have been determined to invoke wireless access point blacklisting security defenses when not required, which can necessitate intervention by hospital staff to reset the device and reestablish a network connection to the Wi-Fi access point. During this state, the Philips IntelliVue MX40 Version B.06.18 can either connect to an alternative access point within signal range for association to a central monitoring station, or it can remain in local monitoring mode until the device is reset by hospital staff. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station, when the MX40 disconnects from the access point."}, {"lang": "es", "value": "Se ha determinado que ciertos mensajes de gesti\u00f3n de red 802.11 invocan defensas de seguridad de introducci\u00f3n en lista negra de puntos de acceso cuando no es necesario, lo que podr\u00eda necesitar la intervenci\u00f3n del personal hospitalario para restablecer el dispositivo y la conexi\u00f3n de red con el punto de acceso Wi-Fi. Durante este estado, Philips IntelliVue MX40 B.06.18 puede conectarse a un punto de acceso alternativo con un rango de se\u00f1al para asociarlo a una estaci\u00f3n central de monitorizaci\u00f3n o puede seguir en modo de monitorizaci\u00f3n local hasta que el personal hospitalario restablezca el dispositivo. Puntuaci\u00f3n base de CVSS v3: 6.5, cadena de vector CVSS: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips ha lanzado una actualizaci\u00f3n de software, la versi\u00f3n B.06.18, para solucionar la vulnerabilidad de limpieza indebida de excepci\u00f3n lanzada. Adem\u00e1s, tambi\u00e9n ha implementado mitigaciones para reducir el riesgo asociado con la vulnerabilidad de gesti\u00f3n incorrecta de condiciones excepcionales. La actualizaci\u00f3n de software implementa mensajes y alarmas en el MX40 y en la estaci\u00f3n central de monitorizaci\u00f3n cuando el MX40 se desconecta del punto de acceso."}], "id": "CVE-2017-9658", "lastModified": "2024-11-21T03:36:35.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-30T15:29:00.227", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100813"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-255-01"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Vendor Advisory"], "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/100813"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-255-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-755"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-755"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object