Sign-up

ID

VAR-201808-0382


CVE

CVE-2018-14799


TITLE

plural Philips PageWriter Vulnerability related to input validation in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-009732

DESCRIPTION

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities. plural Philips PageWriter The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PhilipsPageWriterTC10Cardiograph and other are different types of electrocardiograph equipment from Philips. An attacker could exploit the vulnerability to obtain sensitive information or execute arbitrary code. Failed attempts may lead to a denial-of-service condition

Trust: 2.7

sources: NVD: CVE-2018-14799 // JVNDB: JVNDB-2018-009732 // CNVD: CNVD-2018-15733 // BID: 105103 // IVD: e2f8120f-39ab-11e9-8584-000c29342cb1 // VULHUB: VHN-124994

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: e2f8120f-39ab-11e9-8584-000c29342cb1 // CNVD: CNVD-2018-15733

AFFECTED PRODUCTS

vendor:philipsmodel:pagewriter tc50scope:eqversion: -

Trust: 1.6

vendor:philipsmodel:pagewriter tc20scope:eqversion: -

Trust: 1.6

vendor:philipsmodel:pagewriter tc30scope:eqversion: -

Trust: 1.6

vendor:philipsmodel:pagewriter tc10scope:eqversion: -

Trust: 1.6

vendor:philipsmodel:pagewriter tc70scope:eqversion: -

Trust: 1.6

vendor:philipsmodel:pagewriter tc70 cardiographscope:eqversion:0

Trust: 0.9

vendor:philipsmodel:pagewriter tc50 cardiographscope:eqversion:0

Trust: 0.9

vendor:philipsmodel:pagewriter tc30 cardiographscope:eqversion:0

Trust: 0.9

vendor:philipsmodel:pagewriter tc20 cardiographscope:eqversion:0

Trust: 0.9

vendor:philipsmodel:pagewriter tc10 cardiographscope:eqversion:0

Trust: 0.9

vendor:philipsmodel:pagewriter tc10scope:eqversion:2018/05

Trust: 0.8

vendor:philipsmodel:pagewriter tc20scope:eqversion:2018/05

Trust: 0.8

vendor:philipsmodel:pagewriter tc30scope:eqversion:2018/05

Trust: 0.8

vendor:philipsmodel:pagewriter tc50scope:eqversion:2018/05

Trust: 0.8

vendor:philipsmodel:pagewriter tc70scope:eqversion:2018/05

Trust: 0.8

vendor:pagewriter tc70model: - scope:eqversion: -

Trust: 0.2

vendor:pagewriter tc50model: - scope:eqversion: -

Trust: 0.2

vendor:pagewriter tc30model: - scope:eqversion: -

Trust: 0.2

vendor:pagewriter tc20model: - scope:eqversion: -

Trust: 0.2

vendor:pagewriter tc10model: - scope:eqversion: -

Trust: 0.2

sources: IVD: e2f8120f-39ab-11e9-8584-000c29342cb1 // CNVD: CNVD-2018-15733 // BID: 105103 // JVNDB: JVNDB-2018-009732 // CNNVD: CNNVD-201808-566 // NVD: CVE-2018-14799

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14799
value: LOW

Trust: 1.0

NVD: CVE-2018-14799
value: LOW

Trust: 0.8

CNVD: CNVD-2018-15733
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201808-566
value: LOW

Trust: 0.6

IVD: e2f8120f-39ab-11e9-8584-000c29342cb1
value: LOW

Trust: 0.2

VULHUB: VHN-124994
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-14799
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-15733
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: e2f8120f-39ab-11e9-8584-000c29342cb1
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-124994
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14799
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 0.3
impactScore: 3.4
version: 3.0

Trust: 1.8

sources: IVD: e2f8120f-39ab-11e9-8584-000c29342cb1 // CNVD: CNVD-2018-15733 // VULHUB: VHN-124994 // JVNDB: JVNDB-2018-009732 // CNNVD: CNNVD-201808-566 // NVD: CVE-2018-14799

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-119

Trust: 1.1

problemtype:CWE-134

Trust: 1.0

sources: VULHUB: VHN-124994 // JVNDB: JVNDB-2018-009732 // NVD: CVE-2018-14799

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201808-566

TYPE

Format string error

Trust: 0.8

sources: IVD: e2f8120f-39ab-11e9-8584-000c29342cb1 // CNNVD: CNNVD-201808-566

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-009732

PATCH
title:Philips PageWriter TC Series (16-August-2018)url:https://www.usa.philips.com/healthcare/about/customer-support/product-security
Trust: 0.8
title:A number of Philips products incorrectly verify patches for vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/138011
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-15733 // 
            
            
            
            JVNDB: JVNDB-2018-009732

EXTERNAL IDS
db:NVDid:CVE-2018-14799
Trust: 3.6
db:ICS CERTid:ICSMA-18-228-01
Trust: 3.4
db:BIDid:105103
Trust: 2.6
db:CNNVDid:CNNVD-201808-566
Trust: 0.9
db:CNVDid:CNVD-2018-15733
Trust: 0.8
db:JVNDBid:JVNDB-2018-009732
Trust: 0.8
db:IVDid:E2F8120F-39AB-11E9-8584-000C29342CB1
Trust: 0.2
db:VULHUBid:VHN-124994
Trust: 0.1
sources:
            
            
            IVD: e2f8120f-39ab-11e9-8584-000c29342cb1 // 
            
            
            
            CNVD: CNVD-2018-15733 // 
            
            
            
            VULHUB: VHN-124994 // 
            
            
            
            BID: 105103 // 
            
            
            
            JVNDB: JVNDB-2018-009732 // 
            
            
            
            CNNVD: CNNVD-201808-566 // 
            
            
            
            NVD: CVE-2018-14799

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsma-18-228-01
Trust: 3.4
url:http://www.securityfocus.com/bid/105103
Trust: 1.7
url:https://www.usa.philips.com/healthcare/about/customer-support/product-security
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14799
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-14799
Trust: 0.8
url:https://www.us-cert.gov/ics/advisories/icsma-18-228-01
Trust: 0.6
url:http://www.usa.philips.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-15733 // 
            
            
            
            VULHUB: VHN-124994 // 
            
            
            
            BID: 105103 // 
            
            
            
            JVNDB: JVNDB-2018-009732 // 
            
            
            
            CNNVD: CNNVD-201808-566 // 
            
            
            
            NVD: CVE-2018-14799

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 105103

SOURCES
db:IVDid:e2f8120f-39ab-11e9-8584-000c29342cb1
db:CNVDid:CNVD-2018-15733
db:VULHUBid:VHN-124994
db:BIDid:105103
db:JVNDBid:JVNDB-2018-009732
db:CNNVDid:CNNVD-201808-566
db:NVDid:CVE-2018-14799

LAST UPDATE DATE
2024-11-23T22:34:08.669000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-15733date:2018-08-21T00:00:00
db:VULHUBid:VHN-124994date:2019-10-09T00:00:00
db:BIDid:105103date:2018-08-16T00:00:00
db:JVNDBid:JVNDB-2018-009732date:2018-11-27T00:00:00
db:CNNVDid:CNNVD-201808-566date:2020-06-10T00:00:00
db:NVDid:CVE-2018-14799date:2024-11-21T03:49:49.167

SOURCES RELEASE DATE
db:IVDid:e2f8120f-39ab-11e9-8584-000c29342cb1date:2018-08-21T00:00:00
db:CNVDid:CNVD-2018-15733date:2018-08-21T00:00:00
db:VULHUBid:VHN-124994date:2018-08-22T00:00:00
db:BIDid:105103date:2018-08-16T00:00:00
db:JVNDBid:JVNDB-2018-009732date:2018-11-27T00:00:00
db:CNNVDid:CNNVD-201808-566date:2018-08-20T00:00:00
db:NVDid:CVE-2018-14799date:2018-08-22T18:29:00.543