CVE-2018-10597 - OpenCVE

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Philips	Avalon Fetal\/maternal Monitors Fm20 Avalon Fetal\/maternal Monitors Fm20 Firmware Avalon Fetal\/maternal Monitors Fm30 Avalon Fetal\/maternal Monitors Fm30 Firmware Avalon Fetal\/maternal Monitors Fm40 Avalon Fetal\/maternal Monitors Fm40 Firmware Avalon Fetal\/maternal Monitors Fm50 Avalon Fetal\/maternal Monitors Fm50 Firmware Intellivue Mp2 Intellivue Mp2 Firmware Intellivue Mp30 Intellivue Mp30 Firmware Intellivue Mp50 Intellivue Mp50 Firmware Intellivue Mp70 Intellivue Mp70 Firmware Intellivue Mx100 Intellivue Mx100 Firmware Intellivue Mx400 Intellivue Mx400 Firmware Intellivue Mx450 Intellivue Mx450 Firmware Intellivue Mx500 Intellivue Mx500 Firmware Intellivue Mx550 Intellivue Mx550 Firmware Intellivue Mx700 Intellivue Mx700 Firmware Intellivue Mx800 Intellivue Mx800 Firmware Intellivue Np90 Intellivue Np90 Firmware Intellivue X2 Intellivue X2 Firmware Intellivue X3 Intellivue X3 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mp2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_x2:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mp30:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mp50:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mp70:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:philips:intellivue_np90_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_np90:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:philips:intellivue_mx450_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx450:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:philips:intellivue_mx500_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx500:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_x3:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm20_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:avalon_fetal\/maternal_monitors_fm20:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm30_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:avalon_fetal\/maternal_monitors_fm30:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm40_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:avalon_fetal\/maternal_monitors_fm40:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:philips:avalon_fetal\/maternal_monitors_fm50:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2018-06-05T20:00:00Z

Updated: 2024-09-16T23:46:22.088Z

Reserved: 2018-05-01T00:00:00

Link: CVE-2018-10597

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-06-05T20:29:00.827

Modified: 2021-05-10T15:08:11.710

Link: CVE-2018-10597

Redhat

No data.

Metrics

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object