Details of VAR-201805-0941

ID

VAR-201805-0941

CVE

CVE-2018-8861

TITLE

Philips Brilliance CT Scanners Unauthorized Access Vulnerability

Trust: 0.8

sources: IVD: e2ef115e-39ab-11e9-a2cb-000c29342cb1 // CNVD: CNVD-2018-09238

DESCRIPTION

Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) could enable a limited-access kiosk user or an unauthorized attacker to break-out from the containment of the kiosk environment, attain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system. plural Philips The product contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips Brilliance64 and others are CT scanners from Philips, the Netherlands. There are security holes in the kiosk environment in several Philips BrillianceCT devices. Philips Brilliance Computed Tomography Systems are prone to the following security vulnerabilities: 1. A local privilege-escalation vulnerability. 2. Multiple local information-disclosure vulnerabilities An attacker may leverage these issues to obtain sensitive information, gain elevated privileges; this can result in arbitrary code execution within the context of the vulnerable application. Failed exploit attempts will likely cause denial-of-service conditions. Philips Brilliance 64 etc

Trust: 2.7

sources: NVD: CVE-2018-8861 // JVNDB: JVNDB-2018-004913 // CNVD: CNVD-2018-09238 // BID: 104088 // IVD: e2ef115e-39ab-11e9-a2cb-000c29342cb1 // VULHUB: VHN-138893

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2ef115e-39ab-11e9-a2cb-000c29342cb1 // CNVD: CNVD-2018-09238

AFFECTED PRODUCTS

vendor:	philips	model:	brilliance 64	scope:	lte	version:	2.6.2	Trust: 1.8
vendor:	philips	model:	brilliance ct big bore	scope:	lte	version:	2.3.5	Trust: 1.8
vendor:	philips	model:	brilliance ict	scope:	lte	version:	4.1.6	Trust: 1.8
vendor:	philips	model:	brilliance ict sp	scope:	lte	version:	3.2.4	Trust: 1.0
vendor:	philips	model:	brilliance ict	scope:	eq	version:	4.1.6	Trust: 0.9
vendor:	philips	model:	brilliance ct big bore	scope:	eq	version:	2.3.5	Trust: 0.9
vendor:	philips	model:	brillance ict sp	scope:	lte	version:	3.2.4	Trust: 0.8
vendor:	philips	model:	brilliance	scope:	eq	version:	64<=2.6.2	Trust: 0.6
vendor:	philips	model:	brilliance ict	scope:	lte	version:	<=4.1.6	Trust: 0.6
vendor:	philips	model:	brillance ict sp	scope:	lte	version:	<=3.2.4	Trust: 0.6
vendor:	philips	model:	brilliance ct big bore	scope:	lte	version:	<=2.3.5	Trust: 0.6
vendor:	philips	model:	brilliance ict sp	scope:	eq	version:	3.2.4	Trust: 0.6
vendor:	philips	model:	brilliance 64	scope:	eq	version:	2.6.2	Trust: 0.6
vendor:	philips	model:	brilliance	scope:	eq	version:	642.6.2	Trust: 0.3
vendor:	philips	model:	brillance ict sp	scope:	eq	version:	3.2.4	Trust: 0.3
vendor:	brilliance 64	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	brilliance ict sp	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	brilliance ict	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	brilliance ct big bore	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2ef115e-39ab-11e9-a2cb-000c29342cb1 // CNVD: CNVD-2018-09238 // BID: 104088 // JVNDB: JVNDB-2018-004913 // CNNVD: CNNVD-201805-178 // NVD: CVE-2018-8861

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-8861
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-8861
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-09238
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201805-178
value:	HIGH
Trust: 0.6
IVD:	e2ef115e-39ab-11e9-a2cb-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-138893
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-8861
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-09238
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:L/AC:L/AU:N/C:C/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2ef115e-39ab-11e9-a2cb-000c29342cb1
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:L/AC:L/AU:N/C:C/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-138893
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	9.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-8861
baseSeverity:	HIGH
baseScore:	8.7
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	LOW
exploitabilityScore:	2.0
impactScore:	6.0
version:	3.0
Trust: 1.8

sources: IVD: e2ef115e-39ab-11e9-a2cb-000c29342cb1 // CNVD: CNVD-2018-09238 // VULHUB: VHN-138893 // JVNDB: JVNDB-2018-004913 // CNNVD: CNNVD-201805-178 // NVD: CVE-2018-8861

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-668	Trust: 1.0
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-138893 // JVNDB: JVNDB-2018-004913 // NVD: CVE-2018-8861

THREAT TYPE

local

Trust: 0.9

sources: BID: 104088 // CNNVD: CNNVD-201805-178

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201805-178

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004913

PATCH

title:	Philips CT Imaging System Vulnerabilities (1-MAY-2018)	url:	https://www.usa.philips.com/healthcare/about/customer-support/product-security	Trust: 0.8
title:	PhilipsBrillianceCTScanners does not authorize access to vulnerable patches	url:	https://www.cnvd.org.cn/patchInfo/show/128561	Trust: 0.6

sources: CNVD: CNVD-2018-09238 // JVNDB: JVNDB-2018-004913

EXTERNAL IDS

db:	NVD	id:	CVE-2018-8861	Trust: 3.6
db:	ICS CERT	id:	ICSMA-18-123-01	Trust: 3.4
db:	BID	id:	104088	Trust: 2.6
db:	CNNVD	id:	CNNVD-201805-178	Trust: 0.9
db:	CNVD	id:	CNVD-2018-09238	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-004913	Trust: 0.8
db:	IVD	id:	E2EF115E-39AB-11E9-A2CB-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-138893	Trust: 0.1

sources: IVD: e2ef115e-39ab-11e9-a2cb-000c29342cb1 // CNVD: CNVD-2018-09238 // VULHUB: VHN-138893 // BID: 104088 // JVNDB: JVNDB-2018-004913 // CNNVD: CNNVD-201805-178 // NVD: CVE-2018-8861

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsma-18-123-01	Trust: 3.4
url:	http://www.securityfocus.com/bid/104088	Trust: 2.3
url:	https://www.usa.philips.com/healthcare/about/customer-support/product-security	Trust: 2.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8861	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-8861	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsma-18-123-01	Trust: 0.6
url:	http://www.usa.philips.com/	Trust: 0.3

sources: CNVD: CNVD-2018-09238 // VULHUB: VHN-138893 // BID: 104088 // JVNDB: JVNDB-2018-004913 // CNNVD: CNNVD-201805-178 // NVD: CVE-2018-8861

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 104088

SOURCES

db:	IVD	id:	e2ef115e-39ab-11e9-a2cb-000c29342cb1
db:	CNVD	id:	CNVD-2018-09238
db:	VULHUB	id:	VHN-138893
db:	BID	id:	104088
db:	JVNDB	id:	JVNDB-2018-004913
db:	CNNVD	id:	CNNVD-201805-178
db:	NVD	id:	CVE-2018-8861

LAST UPDATE DATE

2024-11-23T22:41:50.789000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-09238	date:	2018-05-10T00:00:00
db:	VULHUB	id:	VHN-138893	date:	2019-10-09T00:00:00
db:	BID	id:	104088	date:	2018-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-004913	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-178	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-8861	date:	2024-11-21T04:14:28.440

SOURCES RELEASE DATE

db:	IVD	id:	e2ef115e-39ab-11e9-a2cb-000c29342cb1	date:	2018-05-10T00:00:00
db:	CNVD	id:	CNVD-2018-09238	date:	2018-05-09T00:00:00
db:	VULHUB	id:	VHN-138893	date:	2018-05-04T00:00:00
db:	BID	id:	104088	date:	2018-05-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-004913	date:	2018-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201805-178	date:	2018-05-07T00:00:00
db:	NVD	id:	CVE-2018-8861	date:	2018-05-04T17:29:00.583