Sign-up

ID

VAR-201808-0377


CVE

CVE-2018-14789


TITLE

Philips IntelliSpace Cardiovascular and Xcelera Vulnerable to unquoted search paths or elements

Trust: 0.8

sources: JVNDB: JVNDB-2018-009872

DESCRIPTION

In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges. Philips IntelliSpace Cardiovascular (ISCV) and Xcelera Contains an unquoted search path or element vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state

Trust: 1.62

sources: NVD: CVE-2018-14789 // JVNDB: JVNDB-2018-009872

AFFECTED PRODUCTS

vendor:philipsmodel:xcelerascope:lteversion:4.1

Trust: 1.0

vendor:philipsmodel:intellispace cardiovascularscope:lteversion:3.1

Trust: 1.0

vendor:phillipsmodel:intellispace cardiovascularscope:lteversion:3.1

Trust: 0.8

vendor:phillipsmodel:xcelerascope:lteversion:4.1

Trust: 0.8

vendor:phillipsmodel:xcelerascope:eqversion:4.1

Trust: 0.6

vendor:phillipsmodel:intellispace cardiovascularscope:eqversion:3.1

Trust: 0.6

sources: JVNDB: JVNDB-2018-009872 // CNNVD: CNNVD-201808-633 // NVD: CVE-2018-14789

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14789
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-14789
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201808-633
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2018-14789
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2018-14789
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-14789
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2018-009872 // CNNVD: CNNVD-201808-633 // NVD: CVE-2018-14789

PROBLEMTYPE DATA

problemtype:CWE-428

Trust: 1.8

sources: JVNDB: JVNDB-2018-009872 // NVD: CVE-2018-14789

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201808-633

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201808-633

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009872

PATCH
title:Philips IntelliSpace Cardiovascular (ISCV) and Xcelera (14-Aug-2018)url:https://www.usa.philips.com/healthcare/about/customer-support/product-security
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-009872

EXTERNAL IDS
db:ICS CERTid:ICSMA-18-226-01
Trust: 2.4
db:NVDid:CVE-2018-14789
Trust: 2.4
db:JVNDBid:JVNDB-2018-009872
Trust: 0.8
db:CNNVDid:CNNVD-201808-633
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-009872 // 
            
            
            
            CNNVD: CNNVD-201808-633 // 
            
            
            
            NVD: CVE-2018-14789

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsma-18-226-01
Trust: 2.4
url:https://www.usa.philips.com/healthcare/about/customer-support/product-security
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14789
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-14789
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-009872 // 
            
            
            
            CNNVD: CNNVD-201808-633 // 
            
            
            
            NVD: CVE-2018-14789

CREDITS
Philips
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201808-633

SOURCES
db:JVNDBid:JVNDB-2018-009872
db:CNNVDid:CNNVD-201808-633
db:NVDid:CVE-2018-14789

LAST UPDATE DATE
2024-11-23T22:22:01.322000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2018-009872date:2018-11-30T00:00:00
db:CNNVDid:CNNVD-201808-633date:2019-10-17T00:00:00
db:NVDid:CVE-2018-14789date:2024-11-21T03:49:47.833

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2018-009872date:2018-11-30T00:00:00
db:CNNVDid:CNNVD-201808-633date:2018-08-22T00:00:00
db:NVDid:CVE-2018-14789date:2018-08-22T18:29:00.433