ID

VAR-201808-0376


CVE

CVE-2018-14787


TITLE

Philips IntelliSpace Cardiovascular and Xcelera Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2018-009945

DESCRIPTION

In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions. Philips IntelliSpace Cardiovascular (ISCV) and Xcelera contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Philips IntelliSpace Cardiovascular (ISCV) and Xcelera are both products of Philips in the Netherlands. Philips ISCV is a cardiac imaging information management system. Xcelera is its predecessor. There are security vulnerabilities in Philips ISCV 2.x and earlier versions and Xcelera 4.1 and earlier versions. The vulnerabilities are caused by the failure of the program to perform proper rights management.

Trust: 2.16

sources: NVD: CVE-2018-14787 // JVNDB: JVNDB-2018-009945 // CNVD: CNVD-2020-53791

IOT TAXONOMY

category: ['ICS'] // sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-53791

AFFECTED PRODUCTS

vendor: philips // model: xcelera // scope: lte // version: 4.1

Trust: 1.8

vendor: philips // model: intellispace cardiovascular // scope: lte // version: 3.1

Trust: 1.0

vendor: philips // model: intellispace cardiovascular // scope: lte // version: 2.x

Trust: 0.8

vendor: philips // model: intellispace cardiovascular // scope: lte // version: <=2.*

Trust: 0.6

vendor: philips // model: xcelera // scope: lte // version: <=4.1

Trust: 0.6

vendor: phillips // model: xcelera // scope: eq // version: 4.1

Trust: 0.6

vendor: phillips // model: intellispace cardiovascular // scope: eq // version: 3.1

Trust: 0.6

sources: CNVD: CNVD-2020-53791 // JVNDB: JVNDB-2018-009945 // CNNVD: CNNVD-201808-632 // NVD: CVE-2018-14787

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14787
value: HIGH

Trust: 1.0

NVD: CVE-2018-14787
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-53791
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201808-632
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2018-14787
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-53791
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-14787
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-14787
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-53791 // JVNDB: JVNDB-2018-009945 // CNNVD: CNNVD-201808-632 // NVD: CVE-2018-14787

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

sources: JVNDB: JVNDB-2018-009945 // NVD: CVE-2018-14787

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201808-632

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201808-632

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009945

PATCH

title: Philips IntelliSpace Cardiovascular (ISCV) and Xcelera (14-Aug-2018) // url: https://www.usa.philips.com/healthcare/about/customer-support/product-security

Trust: 0.8

title: Philips IntelliSpace Cardiovascular and Xcelera Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84228

Trust: 0.6

sources: JVNDB: JVNDB-2018-009945 // CNNVD: CNNVD-201808-632

EXTERNAL IDS

db: NVD // id: CVE-2018-14787

Trust: 3.0

db: ICS CERT // id: ICSMA-18-226-01

Trust: 2.4

db: JVNDB // id: JVNDB-2018-009945

Trust: 0.8

db: CNVD // id: CNVD-2020-53791

Trust: 0.6

db: CNNVD // id: CNNVD-201808-632

Trust: 0.6

sources: CNVD: CNVD-2020-53791 // JVNDB: JVNDB-2018-009945 // CNNVD: CNNVD-201808-632 // NVD: CVE-2018-14787

REFERENCES

url: https://ics-cert.us-cert.gov/advisories/icsma-18-226-01

Trust: 2.4

url: https://www.usa.philips.com/healthcare/about/customer-support/product-security

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2018-14787

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14787

Trust: 0.8

sources: CNVD: CNVD-2020-53791 // JVNDB: JVNDB-2018-009945 // CNNVD: CNNVD-201808-632 // NVD: CVE-2018-14787

CREDITS

Philips

Trust: 0.6

sources: CNNVD: CNNVD-201808-632

SOURCES

db: CNVD // id: CNVD-2020-53791
db: JVNDB // id: JVNDB-2018-009945
db: CNNVD // id: CNNVD-201808-632
db: NVD // id: CVE-2018-14787

LAST UPDATE DATE

2024-11-23T22:22:01.295000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2020-53791 // date: 2020-09-24T00:00:00
db: JVNDB // id: JVNDB-2018-009945 // date: 2018-11-30T00:00:00
db: CNNVD // id: CNNVD-201808-632 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-14787 // date: 2024-11-21T03:49:47.560

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2020-53791 // date: 2020-09-24T00:00:00
db: JVNDB // id: JVNDB-2018-009945 // date: 2018-11-30T00:00:00
db: CNNVD // id: CNNVD-201808-632 // date: 2018-08-22T00:00:00
db: NVD // id: CVE-2018-14787 // date: 2018-08-22T18:29:00.340