Details of VAR-201811-0099

ID

VAR-201811-0099

CVE

CVE-2018-17906

TITLE

Philips iSite PACS and IntelliSpace PACS Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2018-014176

DESCRIPTION

Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system. Philips iSite PACS and IntelliSpace PACS Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. An access bypass vulnerability exists in Philips iSite PACS and IntelliSpace PACS that an attacker can use to control the components of the system. Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks

Trust: 2.7

sources: NVD: CVE-2018-17906 // JVNDB: JVNDB-2018-014176 // CNVD: CNVD-2018-26105 // BID: 105875 // IVD: 7d82d141-463f-11e9-bb42-000c29342cb1 // VULHUB: VHN-128412

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 7d82d141-463f-11e9-bb42-000c29342cb1 // CNVD: CNVD-2018-26105

AFFECTED PRODUCTS

vendor:	philips	model:	isite pacs	scope:	-	version:	-	Trust: 1.4
vendor:	philips	model:	intellispace pacs	scope:	-	version:	-	Trust: 1.4
vendor:	philips	model:	intellispace pacs	scope:	eq	version:	*	Trust: 1.0
vendor:	philips	model:	isite pacs	scope:	eq	version:	*	Trust: 1.0
vendor:	philips	model:	isite pacs	scope:	eq	version:	0	Trust: 0.3
vendor:	philips	model:	intellispace pacs	scope:	eq	version:	0	Trust: 0.3
vendor:	intellispace pacs	model:	-	scope:	eq	version:	*	Trust: 0.2
vendor:	isite pacs	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: 7d82d141-463f-11e9-bb42-000c29342cb1 // CNVD: CNVD-2018-26105 // BID: 105875 // JVNDB: JVNDB-2018-014176 // NVD: CVE-2018-17906

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-17906
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-17906
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-26105
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201811-201
value:	HIGH
Trust: 0.6
IVD:	7d82d141-463f-11e9-bb42-000c29342cb1
value:	HIGH
Trust: 0.2
VULHUB:	VHN-128412
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-17906
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-26105
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	7d82d141-463f-11e9-bb42-000c29342cb1
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-128412
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-17906
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-17906
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: 7d82d141-463f-11e9-bb42-000c29342cb1 // CNVD: CNVD-2018-26105 // VULHUB: VHN-128412 // JVNDB: JVNDB-2018-014176 // CNNVD: CNNVD-201811-201 // NVD: CVE-2018-17906

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.1
problemtype:	CWE-1188	Trust: 1.0
problemtype:	CWE-521	Trust: 1.0
problemtype:	CWE-255	Trust: 0.9

sources: VULHUB: VHN-128412 // JVNDB: JVNDB-2018-014176 // NVD: CVE-2018-17906

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201811-201

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201811-201

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014176

PATCH

title:	Top Page	url:	https://www.philips.com/global	Trust: 0.8
title:	Philips iSite PACS and IntelliSpace PACS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86673	Trust: 0.6

sources: JVNDB: JVNDB-2018-014176 // CNNVD: CNNVD-201811-201

EXTERNAL IDS

db:	NVD	id:	CVE-2018-17906	Trust: 3.6
db:	ICS CERT	id:	ICSMA-18-312-01	Trust: 3.4
db:	BID	id:	105875	Trust: 2.0
db:	CNNVD	id:	CNNVD-201811-201	Trust: 0.9
db:	CNVD	id:	CNVD-2018-26105	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-014176	Trust: 0.8
db:	IVD	id:	7D82D141-463F-11E9-BB42-000C29342CB1	Trust: 0.2
db:	SEEBUG	id:	SSVID-98859	Trust: 0.1
db:	VULHUB	id:	VHN-128412	Trust: 0.1

sources: IVD: 7d82d141-463f-11e9-bb42-000c29342cb1 // CNVD: CNVD-2018-26105 // VULHUB: VHN-128412 // BID: 105875 // JVNDB: JVNDB-2018-014176 // CNNVD: CNNVD-201811-201 // NVD: CVE-2018-17906

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsma-18-312-01	Trust: 3.4
url:	http://www.securityfocus.com/bid/105875	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17906	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17906	Trust: 0.8
url:	http://www.usa.philips.com/	Trust: 0.3

sources: CNVD: CNVD-2018-26105 // VULHUB: VHN-128412 // BID: 105875 // JVNDB: JVNDB-2018-014176 // CNNVD: CNNVD-201811-201 // NVD: CVE-2018-17906

CREDITS

Unknown

Trust: 0.3

sources: BID: 105875

SOURCES

db:	IVD	id:	7d82d141-463f-11e9-bb42-000c29342cb1
db:	CNVD	id:	CNVD-2018-26105
db:	VULHUB	id:	VHN-128412
db:	BID	id:	105875
db:	JVNDB	id:	JVNDB-2018-014176
db:	CNNVD	id:	CNNVD-201811-201
db:	NVD	id:	CVE-2018-17906

LAST UPDATE DATE

2024-11-23T23:04:56.760000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-26105	date:	2018-12-21T00:00:00
db:	VULHUB	id:	VHN-128412	date:	2020-09-18T00:00:00
db:	BID	id:	105875	date:	2018-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-014176	date:	2019-03-13T00:00:00
db:	CNNVD	id:	CNNVD-201811-201	date:	2020-09-21T00:00:00
db:	NVD	id:	CVE-2018-17906	date:	2024-11-21T03:55:10.910

SOURCES RELEASE DATE

db:	IVD	id:	7d82d141-463f-11e9-bb42-000c29342cb1	date:	2018-12-21T00:00:00
db:	CNVD	id:	CNVD-2018-26105	date:	2018-12-21T00:00:00
db:	VULHUB	id:	VHN-128412	date:	2018-11-19T00:00:00
db:	BID	id:	105875	date:	2018-11-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-014176	date:	2019-03-13T00:00:00
db:	CNNVD	id:	CNNVD-201811-201	date:	2018-11-09T00:00:00
db:	NVD	id:	CVE-2018-17906	date:	2018-11-19T20:29:00.703