Details of VAR-201910-1185

ID

VAR-201910-1185

CVE

CVE-2019-13546

TITLE

Philips IntelliSpace Perinatal Unauthorized Access Vulnerability

Trust: 0.8

sources: IVD: cf25a1ff-3911-424d-b4d4-d620eb92f614 // CNVD: CNVD-2019-39582

DESCRIPTION

In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system. IntelliSpace Perinatal Contains a vulnerability related to the disclosure of resources to the wrong area.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips IntelliSpace Perinatal is a set of information management solutions for obstetric care in the medical industry for Philips in Europe. An unauthorized access vulnerability exists in Philips IntelliSpace Perinatal K and previous versions

Trust: 2.52

sources: NVD: CVE-2019-13546 // JVNDB: JVNDB-2019-011352 // CNVD: CNVD-2019-39582 // IVD: cf25a1ff-3911-424d-b4d4-d620eb92f614 // VULHUB: VHN-145403 // VULMON: CVE-2019-13546

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: cf25a1ff-3911-424d-b4d4-d620eb92f614 // CNVD: CNVD-2019-39582

AFFECTED PRODUCTS

vendor:	philips	model:	intellispace perinatal	scope:	lte	version:	k	Trust: 1.8
vendor:	philips	model:	intellispace perinatal <=k	scope:	-	version:	-	Trust: 0.6
vendor:	intellispace perinatal	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: cf25a1ff-3911-424d-b4d4-d620eb92f614 // CNVD: CNVD-2019-39582 // JVNDB: JVNDB-2019-011352 // NVD: CVE-2019-13546

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13546
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-13546
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-39582
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201910-1482
value:	MEDIUM
Trust: 0.6
IVD:	cf25a1ff-3911-424d-b4d4-d620eb92f614
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-145403
value:	HIGH
Trust: 0.1
VULMON:	CVE-2019-13546
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-13546
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2019-39582
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	cf25a1ff-3911-424d-b4d4-d620eb92f614
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-145403
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-13546
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	0.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-13546
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: IVD: cf25a1ff-3911-424d-b4d4-d620eb92f614 // CNVD: CNVD-2019-39582 // VULHUB: VHN-145403 // VULMON: CVE-2019-13546 // JVNDB: JVNDB-2019-011352 // CNNVD: CNNVD-201910-1482 // NVD: CVE-2019-13546

PROBLEMTYPE DATA

problemtype:

CWE-668

Trust: 1.9

sources: VULHUB: VHN-145403 // JVNDB: JVNDB-2019-011352 // NVD: CVE-2019-13546

TYPE

other

Trust: 0.8

sources: IVD: cf25a1ff-3911-424d-b4d4-d620eb92f614 // CNNVD: CNNVD-201910-1482

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-011352

PATCH

title:

IntelliSpace Perinatal

url:

https://www.usa.philips.com/healthcare/product/HCNOCTN177/intellispace-perinatal-perinatal-information-system

Trust: 0.8

sources: JVNDB: JVNDB-2019-011352

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13546	Trust: 3.4
db:	ICS CERT	id:	ICSMA-19-297-01	Trust: 3.2
db:	CNNVD	id:	CNNVD-201910-1482	Trust: 0.9
db:	CNVD	id:	CNVD-2019-39582	Trust: 0.8
db:	JVNDB	id:	JVNDB-2019-011352	Trust: 0.8
db:	NSFOCUS	id:	47525	Trust: 0.6
db:	IVD	id:	CF25A1FF-3911-424D-B4D4-D620EB92F614	Trust: 0.2
db:	VULHUB	id:	VHN-145403	Trust: 0.1
db:	VULMON	id:	CVE-2019-13546	Trust: 0.1

REFERENCES

url:	https://www.us-cert.gov/ics/advisories/icsma-19-297-01	Trust: 3.2
url:	https://nvd.nist.gov/vuln/detail/cve-2019-13546	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13546	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/47525	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/668.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110668	Trust: 0.1

sources: CNVD: CNVD-2019-39582 // VULHUB: VHN-145403 // VULMON: CVE-2019-13546 // JVNDB: JVNDB-2019-011352 // CNNVD: CNNVD-201910-1482 // NVD: CVE-2019-13546

SOURCES

db:	IVD	id:	cf25a1ff-3911-424d-b4d4-d620eb92f614
db:	CNVD	id:	CNVD-2019-39582
db:	VULHUB	id:	VHN-145403
db:	VULMON	id:	CVE-2019-13546
db:	JVNDB	id:	JVNDB-2019-011352
db:	CNNVD	id:	CNNVD-201910-1482
db:	NVD	id:	CVE-2019-13546

LAST UPDATE DATE

2024-11-23T21:36:34.649000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-39582	date:	2019-11-07T00:00:00
db:	VULHUB	id:	VHN-145403	date:	2019-10-30T00:00:00
db:	VULMON	id:	CVE-2019-13546	date:	2019-10-30T00:00:00
db:	JVNDB	id:	JVNDB-2019-011352	date:	2019-11-06T00:00:00
db:	CNNVD	id:	CNNVD-201910-1482	date:	2020-08-10T00:00:00
db:	NVD	id:	CVE-2019-13546	date:	2024-11-21T04:25:07.223

SOURCES RELEASE DATE

db:	IVD	id:	cf25a1ff-3911-424d-b4d4-d620eb92f614	date:	2019-11-07T00:00:00
db:	CNVD	id:	CNVD-2019-39582	date:	2019-11-07T00:00:00
db:	VULHUB	id:	VHN-145403	date:	2019-10-25T00:00:00
db:	VULMON	id:	CVE-2019-13546	date:	2019-10-25T00:00:00
db:	JVNDB	id:	JVNDB-2019-011352	date:	2019-11-06T00:00:00
db:	CNNVD	id:	CNNVD-201910-1482	date:	2019-10-24T00:00:00
db:	NVD	id:	CVE-2019-13546	date:	2019-10-25T18:15:10.800