Details of VAR-201808-0396

ID

VAR-201808-0396

CVE

CVE-2018-14801

TITLE

plural Philips PageWriter Vulnerabilities related to the use of hard-coded credentials in products

Trust: 0.8

sources: JVNDB: JVNDB-2018-009731

DESCRIPTION

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords. plural Philips PageWriter The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PhilipsPageWriterTC10Cardiograph and other are different types of electrocardiograph equipment from Philips. A security vulnerability exists in several Philips products that originated from the use of hard-coded credentials by programs. Successful exploits can allow attackers to bypass the security mechanism and perform unauthorized actions, obtain sensitive information or to execute arbitrary code in the context of the affected application. Failed attempts may lead to a denial-of-service condition. The following products and versions are affected: Philips PageWriter TC10 Cardiograph prior to May 2018; TC20 Cardiograph prior to May 2018; TC30 Cardiograph prior to May 2018; TC50 Cardiograph prior to May 2018; TC70 Cardiograph prior to May 2018 previous version of the month

Trust: 2.7

sources: NVD: CVE-2018-14801 // JVNDB: JVNDB-2018-009731 // CNVD: CNVD-2018-15734 // BID: 105103 // IVD: e2f7eb00-39ab-11e9-9933-000c29342cb1 // VULHUB: VHN-124997

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2f7eb00-39ab-11e9-9933-000c29342cb1 // CNVD: CNVD-2018-15734

AFFECTED PRODUCTS

vendor:	philips	model:	pagewriter tc50	scope:	eq	version:	-	Trust: 1.6
vendor:	philips	model:	pagewriter tc20	scope:	eq	version:	-	Trust: 1.6
vendor:	philips	model:	pagewriter tc30	scope:	eq	version:	-	Trust: 1.6
vendor:	philips	model:	pagewriter tc10	scope:	eq	version:	-	Trust: 1.6
vendor:	philips	model:	pagewriter tc70	scope:	eq	version:	-	Trust: 1.6
vendor:	philips	model:	pagewriter tc70 cardiograph	scope:	eq	version:	0	Trust: 0.9
vendor:	philips	model:	pagewriter tc50 cardiograph	scope:	eq	version:	0	Trust: 0.9
vendor:	philips	model:	pagewriter tc30 cardiograph	scope:	eq	version:	0	Trust: 0.9
vendor:	philips	model:	pagewriter tc20 cardiograph	scope:	eq	version:	0	Trust: 0.9
vendor:	philips	model:	pagewriter tc10 cardiograph	scope:	eq	version:	0	Trust: 0.9
vendor:	philips	model:	pagewriter tc10	scope:	eq	version:	2018/05	Trust: 0.8
vendor:	philips	model:	pagewriter tc20	scope:	eq	version:	2018/05	Trust: 0.8
vendor:	philips	model:	pagewriter tc30	scope:	eq	version:	2018/05	Trust: 0.8
vendor:	philips	model:	pagewriter tc50	scope:	eq	version:	2018/05	Trust: 0.8
vendor:	philips	model:	pagewriter tc70	scope:	eq	version:	2018/05	Trust: 0.8
vendor:	pagewriter tc70	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	pagewriter tc50	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	pagewriter tc30	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	pagewriter tc20	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	pagewriter tc10	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: e2f7eb00-39ab-11e9-9933-000c29342cb1 // CNVD: CNVD-2018-15734 // BID: 105103 // JVNDB: JVNDB-2018-009731 // CNNVD: CNNVD-201808-567 // NVD: CVE-2018-14801

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-14801
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-14801
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-15734
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201808-567
value:	MEDIUM
Trust: 0.6
IVD:	e2f7eb00-39ab-11e9-9933-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-124997
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-14801
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-15734
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f7eb00-39ab-11e9-9933-000c29342cb1
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-124997
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-14801
baseSeverity:	MEDIUM
baseScore:	6.2
vectorString:	CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.3
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2f7eb00-39ab-11e9-9933-000c29342cb1 // CNVD: CNVD-2018-15734 // VULHUB: VHN-124997 // JVNDB: JVNDB-2018-009731 // CNNVD: CNNVD-201808-567 // NVD: CVE-2018-14801

PROBLEMTYPE DATA

problemtype:

CWE-798

Trust: 1.9

sources: VULHUB: VHN-124997 // JVNDB: JVNDB-2018-009731 // NVD: CVE-2018-14801

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201808-567

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201808-567

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009731

PATCH

title:	Philips PageWriter TC Series (16-August-2018)	url:	https://www.usa.philips.com/healthcare/about/customer-support/product-security	Trust: 0.8
title:	Patches for several Philips product hardcoded vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/138015	Trust: 0.6

sources: CNVD: CNVD-2018-15734 // JVNDB: JVNDB-2018-009731

EXTERNAL IDS

db:	NVD	id:	CVE-2018-14801	Trust: 3.6
db:	ICS CERT	id:	ICSMA-18-228-01	Trust: 3.4
db:	BID	id:	105103	Trust: 2.6
db:	CNNVD	id:	CNNVD-201808-567	Trust: 0.9
db:	CNVD	id:	CNVD-2018-15734	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-009731	Trust: 0.8
db:	IVD	id:	E2F7EB00-39AB-11E9-9933-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-124997	Trust: 0.1

sources: IVD: e2f7eb00-39ab-11e9-9933-000c29342cb1 // CNVD: CNVD-2018-15734 // VULHUB: VHN-124997 // BID: 105103 // JVNDB: JVNDB-2018-009731 // CNNVD: CNNVD-201808-567 // NVD: CVE-2018-14801

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsma-18-228-01	Trust: 3.4
url:	http://www.securityfocus.com/bid/105103	Trust: 1.7
url:	https://www.usa.philips.com/healthcare/about/customer-support/product-security	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14801	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-14801	Trust: 0.8
url:	https://www.us-cert.gov/ics/advisories/icsma-18-228-01	Trust: 0.6
url:	http://www.usa.philips.com/	Trust: 0.3

sources: CNVD: CNVD-2018-15734 // VULHUB: VHN-124997 // BID: 105103 // JVNDB: JVNDB-2018-009731 // CNNVD: CNNVD-201808-567 // NVD: CVE-2018-14801

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 105103

SOURCES

db:	IVD	id:	e2f7eb00-39ab-11e9-9933-000c29342cb1
db:	CNVD	id:	CNVD-2018-15734
db:	VULHUB	id:	VHN-124997
db:	BID	id:	105103
db:	JVNDB	id:	JVNDB-2018-009731
db:	CNNVD	id:	CNNVD-201808-567
db:	NVD	id:	CVE-2018-14801

LAST UPDATE DATE

2024-11-23T22:34:08.629000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-15734	date:	2018-08-21T00:00:00
db:	VULHUB	id:	VHN-124997	date:	2019-10-09T00:00:00
db:	BID	id:	105103	date:	2018-08-16T00:00:00
db:	JVNDB	id:	JVNDB-2018-009731	date:	2018-11-27T00:00:00
db:	CNNVD	id:	CNNVD-201808-567	date:	2020-06-10T00:00:00
db:	NVD	id:	CVE-2018-14801	date:	2024-11-21T03:49:49.447

SOURCES RELEASE DATE

db:	IVD	id:	e2f7eb00-39ab-11e9-9933-000c29342cb1	date:	2018-08-21T00:00:00
db:	CNVD	id:	CNVD-2018-15734	date:	2018-08-21T00:00:00
db:	VULHUB	id:	VHN-124997	date:	2018-08-22T00:00:00
db:	BID	id:	105103	date:	2018-08-16T00:00:00
db:	JVNDB	id:	JVNDB-2018-009731	date:	2018-11-27T00:00:00
db:	CNNVD	id:	CNNVD-201808-567	date:	2018-08-20T00:00:00
db:	NVD	id:	CVE-2018-14801	date:	2018-08-22T18:29:00.650