Sign-up

ID

VAR-201803-2201


CVE

CVE-2018-7498


TITLE

Philips Alice 6 System Cryptographic vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003515

DESCRIPTION

In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys. Philips Alice 6 System Contains a cryptographic vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips Alice 6 is a polysomnography (PSG) designed to record, display and print the clinician/doctor's physiological information. Philips Alice 6 is prone to an authentication-bypass vulnerability and an information-disclosure vulnerability. Attackers may exploit these issues to execute arbitrary code, gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Philips Alice 6 R8.0.2 and prior are vulnerable. An attacker could exploit this vulnerability to obtain sensitive information

Trust: 2.7

sources: NVD: CVE-2018-7498 // JVNDB: JVNDB-2018-003515 // CNVD: CNVD-2018-06522 // BID: 103537 // IVD: e2ea2f5f-39ab-11e9-9a44-000c29342cb1 // VULHUB: VHN-137530

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: e2ea2f5f-39ab-11e9-9a44-000c29342cb1 // CNVD: CNVD-2018-06522

AFFECTED PRODUCTS

vendor:philipsmodel:alice 6scope:lteversion:r8.0.2

Trust: 1.8

vendor:philipsmodel:alice <=r8.0.2scope:eqversion:6

Trust: 0.6

vendor:philipsmodel:alice 6scope:eqversion:r8.0.2

Trust: 0.6

vendor:philipsmodel:alice r8.0.2scope:eqversion:6

Trust: 0.3

vendor:alice 6model: - scope:eqversion:*

Trust: 0.2

sources: IVD: e2ea2f5f-39ab-11e9-9a44-000c29342cb1 // CNVD: CNVD-2018-06522 // BID: 103537 // JVNDB: JVNDB-2018-003515 // CNNVD: CNNVD-201803-1002 // NVD: CVE-2018-7498

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7498
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-7498
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-06522
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-1002
value: CRITICAL

Trust: 0.6

IVD: e2ea2f5f-39ab-11e9-9a44-000c29342cb1
value: CRITICAL

Trust: 0.2

VULHUB: VHN-137530
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-7498
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-06522
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2ea2f5f-39ab-11e9-9a44-000c29342cb1
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-137530
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-7498
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: e2ea2f5f-39ab-11e9-9a44-000c29342cb1 // CNVD: CNVD-2018-06522 // VULHUB: VHN-137530 // JVNDB: JVNDB-2018-003515 // CNNVD: CNNVD-201803-1002 // NVD: CVE-2018-7498

PROBLEMTYPE DATA

problemtype:CWE-311

Trust: 1.1

problemtype:CWE-310

Trust: 0.9

sources: VULHUB: VHN-137530 // JVNDB: JVNDB-2018-003515 // NVD: CVE-2018-7498

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1002

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201803-1002

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003515

PATCH
title:Top Pageurl:https://www.usa.philips.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-003515

EXTERNAL IDS
db:NVDid:CVE-2018-7498
Trust: 3.6
db:ICS CERTid:ICSMA-18-086-01
Trust: 3.4
db:BIDid:103537
Trust: 2.0
db:CNNVDid:CNNVD-201803-1002
Trust: 0.9
db:CNVDid:CNVD-2018-06522
Trust: 0.8
db:JVNDBid:JVNDB-2018-003515
Trust: 0.8
db:IVDid:E2EA2F5F-39AB-11E9-9A44-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-137530
Trust: 0.1
sources:
            
            
            IVD: e2ea2f5f-39ab-11e9-9a44-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-06522 // 
            
            
            
            VULHUB: VHN-137530 // 
            
            
            
            BID: 103537 // 
            
            
            
            JVNDB: JVNDB-2018-003515 // 
            
            
            
            CNNVD: CNNVD-201803-1002 // 
            
            
            
            NVD: CVE-2018-7498

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsma-18-086-01
Trust: 3.4
url:http://www.securityfocus.com/bid/103537
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7498
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-7498
Trust: 0.8
url:http://www.usa.philips.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-06522 // 
            
            
            
            VULHUB: VHN-137530 // 
            
            
            
            BID: 103537 // 
            
            
            
            JVNDB: JVNDB-2018-003515 // 
            
            
            
            CNNVD: CNNVD-201803-1002 // 
            
            
            
            NVD: CVE-2018-7498

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 103537

SOURCES
db:IVDid:e2ea2f5f-39ab-11e9-9a44-000c29342cb1
db:CNVDid:CNVD-2018-06522
db:VULHUBid:VHN-137530
db:BIDid:103537
db:JVNDBid:JVNDB-2018-003515
db:CNNVDid:CNNVD-201803-1002
db:NVDid:CVE-2018-7498

LAST UPDATE DATE
2024-11-23T22:55:55.021000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-06522date:2018-03-29T00:00:00
db:VULHUBid:VHN-137530date:2019-10-09T00:00:00
db:BIDid:103537date:2018-03-27T00:00:00
db:JVNDBid:JVNDB-2018-003515date:2018-05-25T00:00:00
db:CNNVDid:CNNVD-201803-1002date:2019-10-17T00:00:00
db:NVDid:CVE-2018-7498date:2024-11-21T04:12:14.943

SOURCES RELEASE DATE
db:IVDid:e2ea2f5f-39ab-11e9-9a44-000c29342cb1date:2018-03-28T00:00:00
db:CNVDid:CNVD-2018-06522date:2018-03-28T00:00:00
db:VULHUBid:VHN-137530date:2018-03-28T00:00:00
db:BIDid:103537date:2018-03-27T00:00:00
db:JVNDBid:JVNDB-2018-003515date:2018-05-25T00:00:00
db:CNNVDid:CNNVD-201803-1002date:2018-03-28T00:00:00
db:NVDid:CVE-2018-7498date:2018-03-28T17:29:00.383