CVE-2018-10601

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2018-10601
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an "echo" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow.

8.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

5.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:A/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 5.5 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mp2:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_x2:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mp30:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mp50:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mp70:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:philips:intellivue_np90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_np90:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:philips:intellivue_mx450_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx450:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:philips:intellivue_mx500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx500:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_x3:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND
cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm20_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:avalon_fetal\/maternal_monitors_fm20:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND
cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm30_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:avalon_fetal\/maternal_monitors_fm30:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND
cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm40_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:avalon_fetal\/maternal_monitors_fm40:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND
cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm50_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:avalon_fetal\/maternal_monitors_fm50:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2018-06-05 20:29

Updated : 2024-02-28 16:25

NVD link : CVE-2018-10601

Mitre link : CVE-2018-10601

CVE.ORG link : CVE-2018-10601

JSON object : View

Products Affected

philips

  • avalon_fetal\/maternal_monitors_fm30_firmware
  • avalon_fetal\/maternal_monitors_fm50_firmware
  • intellivue_x2
  • intellivue_mp50
  • intellivue_mx700_firmware
  • avalon_fetal\/maternal_monitors_fm40
  • intellivue_mx100
  • intellivue_x3
  • intellivue_mx450
  • intellivue_mx800
  • intellivue_mp50_firmware
  • intellivue_x3_firmware
  • avalon_fetal\/maternal_monitors_fm20
  • intellivue_mx700
  • intellivue_np90
  • intellivue_mp30
  • avalon_fetal\/maternal_monitors_fm20_firmware
  • intellivue_np90_firmware
  • intellivue_mx100_firmware
  • intellivue_mx400
  • intellivue_mx400_firmware
  • intellivue_mx500_firmware
  • intellivue_mp70_firmware
  • intellivue_mp2_firmware
  • avalon_fetal\/maternal_monitors_fm30
  • avalon_fetal\/maternal_monitors_fm50
  • intellivue_mp70
  • intellivue_mx800_firmware
  • intellivue_mx500
  • intellivue_mp2
  • intellivue_mx450_firmware
  • intellivue_mp30_firmware
  • intellivue_x2_firmware
  • intellivue_mx550
  • avalon_fetal\/maternal_monitors_fm40_firmware
  • intellivue_mx550_firmware
CWE
CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024