IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet.

Metrics

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00126.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Philips Subscribe
Avalon Fetal\/maternal Monitors Fm20 Subscribe
Avalon Fetal\/maternal Monitors Fm20 Firmware Subscribe
Avalon Fetal\/maternal Monitors Fm30 Subscribe
Avalon Fetal\/maternal Monitors Fm30 Firmware Subscribe
Avalon Fetal\/maternal Monitors Fm40 Subscribe
Avalon Fetal\/maternal Monitors Fm40 Firmware Subscribe
Avalon Fetal\/maternal Monitors Fm50 Subscribe
Avalon Fetal\/maternal Monitors Fm50 Firmware Subscribe
Intellivue Mp2 Subscribe
Intellivue Mp2 Firmware Subscribe
Intellivue Mp30 Subscribe
Intellivue Mp30 Firmware Subscribe
Intellivue Mp50 Subscribe
Intellivue Mp50 Firmware Subscribe
Intellivue Mp70 Subscribe
Intellivue Mp70 Firmware Subscribe
Intellivue Mx100 Subscribe
Intellivue Mx100 Firmware Subscribe
Intellivue Mx400 Subscribe
Intellivue Mx400 Firmware Subscribe
Intellivue Mx450 Subscribe
Intellivue Mx450 Firmware Subscribe
Intellivue Mx500 Subscribe
Intellivue Mx500 Firmware Subscribe
Intellivue Mx550 Subscribe
Intellivue Mx550 Firmware Subscribe
Intellivue Mx700 Subscribe
Intellivue Mx700 Firmware Subscribe
Intellivue Mx800 Subscribe
Intellivue Mx800 Firmware Subscribe
Intellivue Np90 Subscribe
Intellivue Np90 Firmware Subscribe
Intellivue X2 Subscribe
Intellivue X2 Firmware Subscribe
Intellivue X3 Subscribe
Intellivue X3 Firmware Subscribe

Configuration 1 [-]

AND
cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mp2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_x2:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mp30:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mp50:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mp70:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:philips:intellivue_np90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_np90:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:philips:intellivue_mx450_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx450:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:philips:intellivue_mx500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx500:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_x3:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm20_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:avalon_fetal\/maternal_monitors_fm20:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm30_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:avalon_fetal\/maternal_monitors_fm30:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm40_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:avalon_fetal\/maternal_monitors_fm40:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm50_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:avalon_fetal\/maternal_monitors_fm50:-:*:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2018-2669 IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01 cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2024-09-16T23:46:22.088Z

Reserved: 2018-05-01T00:00:00

Link: CVE-2018-10597

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-06-05T20:29:00.827

Modified: 2024-11-21T03:41:37.970

Link: CVE-2018-10597

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses