ID

VAR-201809-1165


CVE

CVE-2018-8842


TITLE

Philips e-Alert Unit Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-010693

DESCRIPTION

Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext over a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted, which could lead to disclosure of personal contact information and application login credentials from within the same subnet.

Philips e-Alert Unit contains an information disclosure vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS).

Philips e-Alert is prone to the following security vulnerabilities:

1. An input-validation vulnerability
2. A cross-site scripting vulnerability
3. Multiple information-disclosure vulnerabilities
4. An insecure default permissions vulnerability
5. A cross-site request-forgery vulnerability
6. A session-fixation vulnerability
7. A denial-of-service vulnerability
8. A security-bypass vulnerability

Attackers may exploit these issues to gain unauthorized access to the affected device, to bypass certain security restrictions and perform unauthorized actions, to compromise the application to access or modify data, to exploit vulnerabilities in the underlying database, to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, or to execute arbitrary code within the context of the affected device. e-Alert R2.1 and prior are vulnerable.

Philips e-Alert is an electronic alert solution for MRI systems from Philips, the Netherlands. It is mainly used to monitor the performance of MRI systems and issue alerts.

Trust: 1.98

sources: NVD: CVE-2018-8842 // JVNDB: JVNDB-2018-010693 // BID: 105194 // VULHUB: VHN-138874

AFFECTED PRODUCTS

vendor: philips // model: e-alert // scope: lte // version: r2.1

Trust: 1.8

vendor: philips // model: e-alert // scope: eq // version: r2.1

Trust: 0.6

vendor: philips // model: e-alert r2.1 // scope: - // version: -

Trust: 0.3

vendor: philips // model: e-alert r2 // scope: - // version: -

Trust: 0.3

sources: BID: 105194 // JVNDB: JVNDB-2018-010693 // CNNVD: CNNVD-201809-114 // NVD: CVE-2018-8842

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-8842
value: HIGH

Trust: 1.0

NVD: CVE-2018-8842
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201809-114
value: HIGH

Trust: 0.6

VULHUB: VHN-138874
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-8842
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-138874
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-8842
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-138874 // JVNDB: JVNDB-2018-010693 // CNNVD: CNNVD-201809-114 // NVD: CVE-2018-8842

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-138874 // JVNDB: JVNDB-2018-010693 // NVD: CVE-2018-8842

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201809-114

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201809-114

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010693

PATCH

title: Philips e-Alert Unit Vulnerabilities (30-AUG-2018) // url: https://www.usa.philips.com/healthcare/about/customer-support/product-security

Trust: 0.8

title: Philips e-Alert Security vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84475

Trust: 0.6

sources: JVNDB: JVNDB-2018-010693 // CNNVD: CNNVD-201809-114

EXTERNAL IDS

db: ICS CERT // id: ICSA-18-242-01

Trust: 2.8

db: NVD // id: CVE-2018-8842

Trust: 2.8

db: BID // id: 105194

Trust: 2.0

db: JVNDB // id: JVNDB-2018-010693

Trust: 0.8

db: CNNVD // id: CNNVD-201809-114

Trust: 0.7

db: VULHUB // id: VHN-138874

Trust: 0.1

sources: VULHUB: VHN-138874 // BID: 105194 // JVNDB: JVNDB-2018-010693 // CNNVD: CNNVD-201809-114 // NVD: CVE-2018-8842

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsa-18-242-01

Trust: 2.8

url:http://www.securityfocus.com/bid/105194

Trust: 1.7

url:https://www.usa.philips.com/healthcare/about/customer-support/product-security

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8842

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-8842

Trust: 0.8

sources: VULHUB: VHN-138874 // BID: 105194 // JVNDB: JVNDB-2018-010693 // CNNVD: CNNVD-201809-114 // NVD: CVE-2018-8842

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 105194

SOURCES

db: VULHUB // id: VHN-138874
db: BID // id: 105194
db: JVNDB // id: JVNDB-2018-010693
db: CNNVD // id: CNNVD-201809-114
db: NVD // id: CVE-2018-8842

LAST UPDATE DATE

2024-11-23T22:26:13.106000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-138874 // date: 2019-10-09T00:00:00
db: BID // id: 105194 // date: 2018-08-30T00:00:00
db: JVNDB // id: JVNDB-2018-010693 // date: 2018-12-20T00:00:00
db: CNNVD // id: CNNVD-201809-114 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-8842 // date: 2024-11-21T04:14:25.930

SOURCES RELEASE DATE

db: VULHUB // id: VHN-138874 // date: 2018-09-26T00:00:00
db: BID // id: 105194 // date: 2018-08-30T00:00:00
db: JVNDB // id: JVNDB-2018-010693 // date: 2018-12-20T00:00:00
db: CNNVD // id: CNNVD-201809-114 // date: 2018-09-04T00:00:00
db: NVD // id: CVE-2018-8842 // date: 2018-09-26T19:29:00.690