CVE-2018-10601

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an "echo" service. A buffer sent by an attacker to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, resulting in a stack-based buffer overflow.
References
Link: https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01
Resource: Third Party Advisory, US Government Resource
Configurations

Configuration 1

AND
cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mp2:-:*:*:*:*:*:*:*

Configuration 2

AND
cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_x2:-:*:*:*:*:*:*:*

Configuration 3

AND
cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mp30:-:*:*:*:*:*:*:*

Configuration 4

AND
cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mp50:-:*:*:*:*:*:*:*

Configuration 5

AND
cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mp70:-:*:*:*:*:*:*:*

Configuration 6

AND
cpe:2.3:o:philips:intellivue_np90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_np90:-:*:*:*:*:*:*:*

Configuration 7

AND
cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:*

Configuration 8

AND
cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx800:-:*:*:*:*:*:*:*

Configuration 9

AND
cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx400:-:*:*:*:*:*:*:*

Configuration 10

AND
cpe:2.3:o:philips:intellivue_mx450_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx450:-:*:*:*:*:*:*:*

Configuration 11

AND
cpe:2.3:o:philips:intellivue_mx500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx500:-:*:*:*:*:*:*:*

Configuration 12

AND
cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx550:-:*:*:*:*:*:*:*

Configuration 13

AND
cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_x3:-:*:*:*:*:*:*:*

Configuration 14

AND
cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:intellivue_mx100:-:*:*:*:*:*:*:*

Configuration 15

AND
cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm20_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:avalon_fetal\/maternal_monitors_fm20:-:*:*:*:*:*:*:*

Configuration 16

AND
cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm30_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:avalon_fetal\/maternal_monitors_fm30:-:*:*:*:*:*:*:*

Configuration 17

AND
cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm40_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:avalon_fetal\/maternal_monitors_fm40:-:*:*:*:*:*:*:*

Configuration 18

AND
cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm50_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:avalon_fetal\/maternal_monitors_fm50:-:*:*:*:*:*:*:*

Information

Published : 2018-06-05 20:29

Updated : 2024-02-28 16:25


Products Affected

philips

  • avalon_fetal\/maternal_monitors_fm30_firmware
  • avalon_fetal\/maternal_monitors_fm50_firmware
  • intellivue_x2
  • intellivue_mp50
  • intellivue_mx700_firmware
  • avalon_fetal\/maternal_monitors_fm40
  • intellivue_mx100
  • intellivue_x3
  • intellivue_mx450
  • intellivue_mx800
  • intellivue_mp50_firmware
  • intellivue_x3_firmware
  • avalon_fetal\/maternal_monitors_fm20
  • intellivue_mx700
  • intellivue_np90
  • intellivue_mp30
  • avalon_fetal\/maternal_monitors_fm20_firmware
  • intellivue_np90_firmware
  • intellivue_mx100_firmware
  • intellivue_mx400
  • intellivue_mx400_firmware
  • intellivue_mx500_firmware
  • intellivue_mp70_firmware
  • intellivue_mp2_firmware
  • avalon_fetal\/maternal_monitors_fm30
  • avalon_fetal\/maternal_monitors_fm50
  • intellivue_mp70
  • intellivue_mx800_firmware
  • intellivue_mx500
  • intellivue_mp2
  • intellivue_mx450_firmware
  • intellivue_mp30_firmware
  • intellivue_x2_firmware
  • intellivue_mx550
  • avalon_fetal\/maternal_monitors_fm40_firmware
  • intellivue_mx550_firmware
CWE
CWE-787: Out-of-bounds Write
CWE-121: Stack-based Buffer Overflow