Details of VAR-201805-0939

ID

VAR-201805-0939

CVE

CVE-2018-8857

TITLE

plural Philips Vulnerabilities related to the use of hard-coded credentials in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-004912

DESCRIPTION

Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. An attacker could compromise these credentials and gain access to the system. plural Philips The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips Brilliance64 and others are CT scanners from Philips, the Netherlands. A security vulnerability exists in several Philips BrillianceCT devices that use hard-coded credentials (such as passwords or encryption keys) from the software in the device. Philips Brilliance Computed Tomography Systems are prone to the following security vulnerabilities: 1. A local privilege-escalation vulnerability. 2. Multiple local information-disclosure vulnerabilities An attacker may leverage these issues to obtain sensitive information, gain elevated privileges; this can result in arbitrary code execution within the context of the vulnerable application. Failed exploit attempts will likely cause denial-of-service conditions. Philips Brilliance 64 etc

Trust: 2.7

sources: NVD: CVE-2018-8857 // JVNDB: JVNDB-2018-004912 // CNVD: CNVD-2018-09234 // BID: 104088 // IVD: e2eeea52-39ab-11e9-9d17-000c29342cb1 // VULHUB: VHN-138889

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2eeea52-39ab-11e9-9d17-000c29342cb1 // CNVD: CNVD-2018-09234

AFFECTED PRODUCTS

vendor:	philips	model:	brilliance 64	scope:	lte	version:	2.6.2	Trust: 1.8
vendor:	philips	model:	brilliance ct big bore	scope:	lte	version:	2.3.5	Trust: 1.8
vendor:	philips	model:	brilliance ict	scope:	lte	version:	4.1.6	Trust: 1.8
vendor:	philips	model:	brilliance ict sp	scope:	lte	version:	3.2.4	Trust: 1.0
vendor:	philips	model:	brilliance ict	scope:	eq	version:	4.1.6	Trust: 0.9
vendor:	philips	model:	brilliance ct big bore	scope:	eq	version:	2.3.5	Trust: 0.9
vendor:	philips	model:	brillance ict sp	scope:	lte	version:	3.2.4	Trust: 0.8
vendor:	philips	model:	brilliance	scope:	eq	version:	64<=2.6.2	Trust: 0.6
vendor:	philips	model:	brilliance ict	scope:	lte	version:	<=4.1.6	Trust: 0.6
vendor:	philips	model:	brillance ict sp	scope:	lte	version:	<=3.2.4	Trust: 0.6
vendor:	philips	model:	brilliance ct big bore	scope:	lte	version:	<=2.3.5	Trust: 0.6
vendor:	philips	model:	brilliance ict sp	scope:	eq	version:	3.2.4	Trust: 0.6
vendor:	philips	model:	brilliance 64	scope:	eq	version:	2.6.2	Trust: 0.6
vendor:	philips	model:	brilliance	scope:	eq	version:	642.6.2	Trust: 0.3
vendor:	philips	model:	brillance ict sp	scope:	eq	version:	3.2.4	Trust: 0.3
vendor:	brilliance 64	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	brilliance ict sp	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	brilliance ict	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	brilliance ct big bore	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2eeea52-39ab-11e9-9d17-000c29342cb1 // CNVD: CNVD-2018-09234 // BID: 104088 // JVNDB: JVNDB-2018-004912 // CNNVD: CNNVD-201805-179 // NVD: CVE-2018-8857

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-8857
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-8857
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-09234
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201805-179
value:	HIGH
Trust: 0.6
IVD:	e2eeea52-39ab-11e9-9d17-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-138889
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-8857
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-09234
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2eeea52-39ab-11e9-9d17-000c29342cb1
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-138889
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-8857
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2eeea52-39ab-11e9-9d17-000c29342cb1 // CNVD: CNVD-2018-09234 // VULHUB: VHN-138889 // JVNDB: JVNDB-2018-004912 // CNNVD: CNNVD-201805-179 // NVD: CVE-2018-8857

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.9

sources: VULHUB: VHN-138889 // JVNDB: JVNDB-2018-004912 // NVD: CVE-2018-8857

THREAT TYPE

local

Trust: 0.9

sources: BID: 104088 // CNNVD: CNNVD-201805-179

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201805-179

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004912

PATCH

title:	Philips CT Imaging System Vulnerabilities (1-MAY-2018)	url:	https://www.usa.philips.com/healthcare/about/customer-support/product-security	Trust: 0.8
title:	Patch for the hard coded certificate vulnerability of PhilipsBrillianceCTScanners	url:	https://www.cnvd.org.cn/patchInfo/show/128551	Trust: 0.6
title:	Multiple Philips Brilliance CT Repair measures for device security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=100294	Trust: 0.6

sources: CNVD: CNVD-2018-09234 // JVNDB: JVNDB-2018-004912 // CNNVD: CNNVD-201805-179

EXTERNAL IDS

db:	NVD	id:	CVE-2018-8857	Trust: 3.6
db:	ICS CERT	id:	ICSMA-18-123-01	Trust: 2.8
db:	BID	id:	104088	Trust: 2.6
db:	CNVD	id:	CNVD-2018-09234	Trust: 0.8
db:	CNNVD	id:	CNNVD-201805-179	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-004912	Trust: 0.8
db:	IVD	id:	E2EEEA52-39AB-11E9-9D17-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-138889	Trust: 0.1

sources: IVD: e2eeea52-39ab-11e9-9d17-000c29342cb1 // CNVD: CNVD-2018-09234 // VULHUB: VHN-138889 // BID: 104088 // JVNDB: JVNDB-2018-004912 // CNNVD: CNNVD-201805-179 // NVD: CVE-2018-8857

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsma-18-123-01	Trust: 2.8
url:	http://www.securityfocus.com/bid/104088	Trust: 1.7
url:	https://www.usa.philips.com/healthcare/about/customer-support/product-security	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-8857	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8857	Trust: 0.8
url:	http://www.usa.philips.com/	Trust: 0.3

sources: CNVD: CNVD-2018-09234 // VULHUB: VHN-138889 // BID: 104088 // JVNDB: JVNDB-2018-004912 // CNNVD: CNNVD-201805-179 // NVD: CVE-2018-8857

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 104088

SOURCES

db:	IVD	id:	e2eeea52-39ab-11e9-9d17-000c29342cb1
db:	CNVD	id:	CNVD-2018-09234
db:	VULHUB	id:	VHN-138889
db:	BID	id:	104088
db:	JVNDB	id:	JVNDB-2018-004912
db:	CNNVD	id:	CNNVD-201805-179
db:	NVD	id:	CVE-2018-8857

LAST UPDATE DATE

2024-11-23T22:41:50.749000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-09234	date:	2018-05-10T00:00:00
db:	VULHUB	id:	VHN-138889	date:	2019-10-09T00:00:00
db:	BID	id:	104088	date:	2018-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-004912	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-179	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-8857	date:	2024-11-21T04:14:27.937

SOURCES RELEASE DATE

db:	IVD	id:	e2eeea52-39ab-11e9-9d17-000c29342cb1	date:	2018-05-10T00:00:00
db:	CNVD	id:	CNVD-2018-09234	date:	2018-05-10T00:00:00
db:	VULHUB	id:	VHN-138889	date:	2018-05-04T00:00:00
db:	BID	id:	104088	date:	2018-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-004912	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-179	date:	2018-05-07T00:00:00
db:	NVD	id:	CVE-2018-8857	date:	2018-05-04T17:29:00.503